On Wed, 2008-05-28 at 12:18 -0500, Xavier Toth wrote:
> Here's what I've actually ended up using to allow pasting equal or up
> without requiring confirmation and to require confirmation when
> attempting to paste down:
>
> Index: policy/mls
> ===================================================================
> --- policy/mls (revision 2704)
> +++ policy/mls (working copy)
> @@ -574,11 +574,11 @@
>
> # the x_application_data "paste" ops (explicit single level)
> mlsconstrain x_application_data { paste }
> - ( l1 eq l2 );
> + (( l1 eq l2 ) or ( l1 domby l2 ));

Isn't the (l1 eq l2) redundant?

> # the x_application_data "paste_after_confirm" ops (downgrade permitted)
> mlsconstrain x_application_data { paste_after_confirm }
> - ( l1 domby l2 );
> + ( l1 dom l2 );
>
>
> #

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
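
Review bot: In the "paste" constraint, the ( l1 eq l2 ) term is redundant, because domby already holds when the two levels are equal; ( l1 domby l2 ); alone expresses the same rule. The comment above that constraint still reads "(explicit single level)", which no longer describes a rule that also accepts a dominating l2, so it should be updated together with the expression. In the "paste_after_confirm" constraint, ( l1 dom l2 ) is likewise satisfied by equal levels, and a pair of incomparable levels satisfies neither constraint, so neither permission passes the MLS check in that case; a comment stating whether both outcomes are intended would help the next reader of policy/mls.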