nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mcs: Add additional socket constraints. 

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2022-06-20 14:50:20 -04:00
parent 8e32ade524
commit 5e6ede3da6
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
policy/mcs
View File

@ -86,9 +86,21 @@ mlsconstrain { file lnk_file fifo_file } { create relabelto }
mlsconstrain process { transition dyntransition ptrace sigkill sigstop signal }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain socket_class_set { create ioctl read write setattr append bind connect getopt setopt shutdown }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain stream_socket_class_set { listen accept }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain { tcp_socket udp_socket rawip_socket sctp_socket } node_bind
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain unix_stream_socket connectto
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain unix_dgram_socket sendto
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain key { create link read search setattr view write }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));