updated mls comments from chad hanson

diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 8dac5cd2d05bdb8b467f4ebd046c982035d58587..722f767d3086f2e54926dee1a139ee68870c5a09 100644 (file)
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Updated comments in mls file from Chad Hanson.
 - Added modules:
        amavis (Erich Schubert)
        apt (Erich Schubert)

diff --git a/refpolicy/policy/mls b/refpolicy/policy/mls
index 6f585f6a4eac7c25cc14b532e46b095ca2d7a474..3a35bde5ea72f3ed9ca60ebcb0a653b00c51bc27 100644 (file)
--- a/refpolicy/policy/mls
+++ b/refpolicy/policy/mls
@@ -293,8 +293,14 @@ mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_s
 #
 # { tcp_socket unix_stream_socket } { connectto newconn acceptfrom }
 #
+# tcp_socket name_connect
+#
 # { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_write
 #
+# netlink_audit_socket { nlmsg_relay nlmsg_readpriv }
+#
+# netlink_kobject_uevent_socket *
+#
 
 
 
@@ -365,7 +371,7 @@ mlsconstrain { netif node } { tcp_send udp_send rawip_send }
        (( l1 dom l2 ) and ( l1 domby h2 ));
 
 # these access vectors have no MLS restrictions
-# { netif node } { enforce_dest }
+# node enforce_dest
 
 
 
@@ -397,7 +403,7 @@ mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec se
         ( t1 == mlsprocwrite ));
 
 # these access vectors have no MLS restrictions
-# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem }
+# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem execstack execheap }
 
 
 
@@ -663,6 +669,6 @@ mlsconstrain xinput { setattr relabelinput }
 #
 
 # these access vectors have no MLS restrictions
-# association { sendto recvfrom }
+# association *
 
 ') dnl end enable_mls