rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

It was just pointed out to me that the raw IP socket class is missing from the

Browse Source 
recvfrom MLS constraint.

Signed-off-by: Paul Moore
This commit is contained in:
Chris PeBenito 2007-03-09 14:45:19 +00:00
parent 0cca516db7
commit b50f2ee48d
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog
View File

@ -1,3 +1,4 @@
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
- Patch for handling restart of nscd when ran from useradd, groupadd, and - Patch for handling restart of nscd when ran from useradd, groupadd, and
admin passwd, from Dan Walsh. admin passwd, from Dan Walsh.
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh. - Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.

2
policy/mls
View File

@ -183,7 +183,7 @@ mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_s
( t1 == mlsnetwrite )); ( t1 == mlsnetwrite ));
# used by netlabel to restrict normal domains to same level connections # used by netlabel to restrict normal domains to same level connections
mlsconstrain { tcp_socket udp_socket } recvfrom mlsconstrain { tcp_socket udp_socket rawip_socket } recvfrom
(( l1 eq l2 ) or (( l1 eq l2 ) or
(( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
( t1 == mlsnetread )); ( t1 == mlsnetread ));