mls: Add setsockcreate constraint.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Chris PeBenito <chpebeni@linux.microsoft.com> 2022-06-23 15:33:34 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2022-09-03 11:41:55 -0700
commit: d0b423d30f512d496de5906810303f301fa8a241 (patch)
tree: 71069fd34b766b40b0020aa9df23c4cea0e35eec
parent: mcs: Reorganize file. (diff)
download: hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.tar.gz
hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.tar.bz2
hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/mls b/policy/mls
index 8ba40c07..3cf4110d 100644
--- a/policy/mls
+++ b/policy/mls
@@ -377,7 +377,7 @@ mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
 	 ( t1 == mlsprocread ));
 
 # all the process "write" ops (note the check is equality on the low level)
-mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setcurrent ptrace share }
+mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setsockcreate setcurrent ptrace share }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsprocwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 ( t1 == mlsprocwrite ));
author	Chris PeBenito <chpebeni@linux.microsoft.com>	2022-06-23 15:33:34 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2022-09-03 11:41:55 -0700
commit	d0b423d30f512d496de5906810303f301fa8a241 (patch)
tree	71069fd34b766b40b0020aa9df23c4cea0e35eec
parent	mcs: Reorganize file. (diff)
download	hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.tar.gz hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.tar.bz2 hardened-refpolicy-d0b423d30f512d496de5906810303f301fa8a241.zip