[redhat-lspp] Re: New MLS constraint?
Matt Anderson
mra at hp.com
Wed Nov 1 00:47:19 UTC 2006
Christopher J. PeBenito wrote:
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: writeinrange.patch
Type: text/x-patch
Size: 1943 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061031/b1e5ab79/attachment.bin>
More information about the redhat-lspp
mailing list