It was just pointed out to me that the raw IP socket class is missing from the
recvfrom MLS constraint.

Signed-off-by: Paul Moore
parent
0cca516db7
commit
b50f2ee48d
|
@ -1,3 +1,4 @@
|
||||||
|
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
|
||||||
- Patch for handling restart of nscd when ran from useradd, groupadd, and
|
- Patch for handling restart of nscd when ran from useradd, groupadd, and
|
||||||
admin passwd, from Dan Walsh.
|
admin passwd, from Dan Walsh.
|
||||||
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
|
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
|
||||||
|
|
|
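Review bot: The added Changelog line says only "fix netlabel recvfrom MLS constraint" and does not name what was fixed. Since the change is a single class added to one constraint, stating it in the entry (rawip_socket added to the recvfrom mlsconstrain) would let someone auditing MLS policy history find the release where raw IP sockets started being constrained without opening the diff.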
@ -183,7 +183,7 @@ mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_s
|
||||||
( t1 == mlsnetwrite ));
|
( t1 == mlsnetwrite ));
|
||||||
|
|
||||||
# used by netlabel to restrict normal domains to same level connections
|
# used by netlabel to restrict normal domains to same level connections
|
||||||
mlsconstrain { tcp_socket udp_socket } recvfrom
|
mlsconstrain { tcp_socket udp_socket rawip_socket } recvfrom
|
||||||
(( l1 eq l2 ) or
|
(( l1 eq l2 ) or
|
||||||
(( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
|
(( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
|
||||||
( t1 == mlsnetread ));
|
( t1 == mlsnetread ));
|
||||||
|
|
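Review bot: The class set on the changed recvfrom line is maintained by hand and has now missed rawip_socket once, while the mlsconstrain shown in the hunk header covers a longer list (socket, netlink_socket, packet_s… in addition to the three here). Please extend the comment above the constraint, "used by netlabel to restrict normal domains to same level connections", to say why recvfrom is limited to tcp_socket, udp_socket and rawip_socket, or confirm that none of the other socket classes need the same level check, so the next omission is easier to spot in review.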