[selinux-policy: 1267/3172] updated mls comments from chad hanson

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:54:37 UTC 2010 

commit 63e0a1e078207c108ade201a265b669d7c8a4dbf
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Mar 13 15:36:38 2006 +0000

    updated mls comments from chad hanson

 refpolicy/Changelog  |    1 +
 refpolicy/policy/mls |   12 +++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 8dac5cd..722f767 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Updated comments in mls file from Chad Hanson.
 - Added modules:
 	amavis (Erich Schubert)
 	apt (Erich Schubert)
diff --git a/refpolicy/policy/mls b/refpolicy/policy/mls
index 6f585f6..3a35bde 100644
--- a/refpolicy/policy/mls
+++ b/refpolicy/policy/mls
@@ -293,8 +293,14 @@ mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_s
 #
 # { tcp_socket unix_stream_socket } { connectto newconn acceptfrom }
 #
+# tcp_socket name_connect
+#
 # { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_write
 #
+# netlink_audit_socket { nlmsg_relay nlmsg_readpriv }
+#
+# netlink_kobject_uevent_socket *
+#
 
 
 
@@ -365,7 +371,7 @@ mlsconstrain { netif node } { tcp_send udp_send rawip_send }
 	(( l1 dom l2 ) and ( l1 domby h2 ));
 
 # these access vectors have no MLS restrictions
-# { netif node } { enforce_dest }
+# node enforce_dest
 
 
 
@@ -397,7 +403,7 @@ mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec se
 	 ( t1 == mlsprocwrite ));
 
 # these access vectors have no MLS restrictions
-# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem }
+# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem execstack execheap }
 
 
 
@@ -663,6 +669,6 @@ mlsconstrain xinput { setattr relabelinput }
 #
 
 # these access vectors have no MLS restrictions
-# association { sendto recvfrom }
+# association *
 
 ') dnl end enable_mls

More information about the scm-commits mailing list