mcs: Remove duplicate node_bind constraint.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
parent
ab2f8d35f1
commit
c99104ff1a
|
@ -162,9 +162,6 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute }
|
||||||
mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
|
mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
|
||||||
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
|
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
|
||||||
|
|
||||||
mlsconstrain { tcp_socket udp_socket rawip_socket } node_bind
|
|
||||||
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
|
|
||||||
|
|
||||||
# The node recvfrom/sendto ops, the recvfrom permission is a "write" operation
|
# The node recvfrom/sendto ops, the recvfrom permission is a "write" operation
|
||||||
# because the subject in this particular case is the remote domain which is
|
# because the subject in this particular case is the remote domain which is
|
||||||
# writing data out the network node which is acting as the object
|
# writing data out the network node which is acting as the object
|
||||||
|
|
Loading…
Reference in New Issue