l1 domby l2 for contains MLS constraint
As identified by Stephan Smalley, the current MLS constraint for the contains permission of the context class should consider the current level of a user along with the clearance level so that mls_systemlow is no longer considered contained in mls_systemhigh. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
This commit is contained in:
Harry Ciao
Chris PeBenito
parent
6c00b1eea3
commit
4c365f4a6a
|
|
@ -720,7 +720,7 @@ mlsconstrain context translate
|
|||
(( h1 dom h2 ) or ( t1 == mlstranslate ));
|
||||
|
||||
mlsconstrain context contains
|
||||
( h1 dom h2 );
|
||||
(( h1 dom h2 ) and ( l1 domby l2));
|
||||
|
||||
#
|
||||
# MLS policy for database classes
|
||||
|
|
|
|||
Loading…
Reference in New Issue