mcs: Remove duplicate node_bind constraint.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2022-06-23 15:24:14 -04:00
parent ab2f8d35f1
commit c99104ff1a
1 changed files with 0 additions and 3 deletions

View File

@ -162,9 +162,6 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute }
mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export } mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type )); (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain { tcp_socket udp_socket rawip_socket } node_bind
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
# The node recvfrom/sendto ops, the recvfrom permission is a "write" operation # The node recvfrom/sendto ops, the recvfrom permission is a "write" operation
# because the subject in this particular case is the remote domain which is # because the subject in this particular case is the remote domain which is
# writing data out the network node which is acting as the object # writing data out the network node which is acting as the object