> > Of course, if secmark is enabled, then recv_msg is likewise
> > "obsoleted".

In the secmark case, the following is what the mls constraint would
look like (causing the connection request to fail in the "unprivileged"
case):

# the packet "recv" op (implicit single level)
mlsconstrain packet recv
        (( l1 eq l2 ) or
         (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
         ( t1 == mlsnetread ));

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
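
The constraint quoted in the message above, evaluated over sample contexts. This is an added example, not part of the original message or of any shipped policy. The type names and the attribute membership are constructed for illustration, and levels are modeled as a sensitivity number plus a category set.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int                      # sensitivity index, e.g. s2 -> 2
    cats: frozenset = frozenset()  # category set, e.g. {"c1", "c2"}

    def dom(self, other):
        # "dom": sensitivity at least as high AND categories a superset
        return self.sens >= other.sens and self.cats >= other.cats

# Attribute names come from the constraint; the member types are hypothetical.
ATTRS = {
    "mlsnetread": {"trusted_reader_t"},
    "mlsnetreadtoclr": {"clearance_reader_t"},
}

def packet_recv_allowed(t1, l1, h1, l2):
    """Evaluate the 'packet recv' mlsconstrain expression.

    t1, l1, h1: type, low level and high level (clearance) of the receiver.
    l2: the single level of the secmark-labeled packet.
    """
    return (
        l1 == l2                                            # ( l1 eq l2 )
        or (t1 in ATTRS["mlsnetreadtoclr"] and h1.dom(l2))  # read up to clearance
        or t1 in ATTRS["mlsnetread"]                        # unrestricted read
    )

if __name__ == "__main__":
    s0 = Level(0)
    s2 = Level(2, frozenset({"c1"}))
    s3 = Level(3, frozenset({"c1", "c2"}))
    # (receiver type, receiver low, receiver high, packet level) - constructed
    cases = [
        ("user_t", s0, s3, s0),              # same level: allowed
        ("user_t", s0, s3, s2),              # unprivileged, packet above low level
        ("clearance_reader_t", s0, s3, s2),  # clearance dominates the packet
        ("clearance_reader_t", s0, s2, s3),  # clearance does not dominate
        ("trusted_reader_t", s0, s0, s3),    # mlsnetread overrides levels
    ]
    for t1, l1, h1, l2 in cases:
        verdict = "allow" if packet_recv_allowed(t1, l1, h1, l2) else "deny"
        print(f"{t1:20} low=s{l1.sens} high=s{h1.sens} packet=s{l2.sens}: {verdict}")
```

The second case is the "unprivileged" one: the receiver's clearance covers the packet, but without the mlsnetreadtoclr attribute only an exact level match passes, so the recv is denied.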
