f497b8df50
> We could add another 'or' on the above constraint: > > or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) ) > > I believe that would be the constraint you were looking for. I don't > like the name of that attribute, but I couldn't come up with a better > one off the top of my head. :) > Attached is a patch which I've tested against selinux-policy-2.4.2-1 that implements this additional constraint. The name is still a bit forced, but it works. -matt <mra at hp dot com> |
||
|---|---|---|
| .. | ||
| admin | ||
| apps | ||
| kernel | ||
| services | ||
| system | ||