Changes to allow namespace_init_t to work

diff --git a/policy/mcs b/policy/mcs
index 92b617721702b3a77ca5e844bf0272b668edbf74..09eea90430e0adfad09b457304aa7613df5a4a2a 100644 (file)
--- a/policy/mcs
+++ b/policy/mcs
@@ -103,10 +103,13 @@ mlsconstrain file { create relabelto }
 
 # new file labels must be dominated by the relabeling subject clearance
 mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
-       ( h1 dom h2 );
+       (( h1 dom h2 ) or ( t1 == mcswriteall ));
+
+mlsconstrain { file lnk_file fifo_file } { create relabelto }
+       ( l2 eq h2 );
 
 mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
-       (( h1 dom h2 ) and ( l2 eq h2 ));
+       ( h1 dom h2 );
 
 mlsconstrain process { transition dyntransition }
        (( h1 dom h2 ) or ( t1 == mcssetcats ));