Signed-off-by: Kenton Groombridge <me@xxxxxxxxxx>
---
policy/mcs | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/policy/mcs b/policy/mcs
index 6207b2734..54d06f292 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -91,7 +91,7 @@ mlsconstrain { lnk_file chr_file blk_file sock_file } { write setattr }
# New filesystem object labels must be dominated by the relabeling subject
# clearance, also the objects are single-level.
-mlsconstrain file { create relabelto }
+mlsconstrain { file lnk_file fifo_file } { create relabelto }
((( h1 dom h2 ) and ( l2 eq h2 )) or
( t1 != mcs_constrained_type ));
@@ -99,9 +99,6 @@ mlsconstrain file { create relabelto }
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
-mlsconstrain { file lnk_file fifo_file } { create relabelto }
- (( l2 eq h2 ) or ( t1 != mcs_constrained_type ));
-
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
--
2.33.1
