diff options
| -rw-r--r-- | policy/mls | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -377,7 +377,7 @@ mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share } ( t1 == mlsprocread )); # all the process "write" ops (note the check is equality on the low level) -mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setcurrent ptrace share } +mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setsockcreate setcurrent ptrace share } (( l1 eq l2 ) or (( t1 == mlsprocwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or ( t1 == mlsprocwrite )); |