]> git.ipfire.org Git - people/stevee/selinux-policy.git/commit - Changelog
projects / people / stevee / selinux-policy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d9845ae) | patch
Christopher J. PeBenito wrote:
authorChris PeBenito <cpebenito@tresys.com>
Wed, 1 Nov 2006 15:42:22 +0000 (15:42 +0000)
committerChris PeBenito <cpebenito@tresys.com>
Wed, 1 Nov 2006 15:42:22 +0000 (15:42 +0000)
commitf497b8df50e903a88fd42deb18784ee82eb3728d
treea060fce5165a5db4b86838dc0293031ed97b8763tree | snapshot
parentd9845ae92aa009dbaa25291d335602c828fdd9f7commit | diff
Christopher J. PeBenito wrote:
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for.  I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>

Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint.  The name is still a bit
forced, but it works.

-matt <mra at hp dot com>
Changelog diff | blob | blame | history
policy/mls diff | blob | blame | history
policy/modules/kernel/devices.te diff | blob | blame | history
policy/modules/kernel/mls.if diff | blob | blame | history
policy/modules/kernel/mls.te diff | blob | blame | history
The IPFire selinux policy.