The sctp tests were relying on netlabel_peer_t being subject to MCS constraints in order to deny access. refpolicy/Debian do not currently make netlabel_peer_t a MCS-constrained type, so make it so in the test policy to provide consistent behavior for testing. Alternatively (or in addition) we could make test_sctp_server_t a MCS-constrained type similar to test_inet_server_t. Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> --- policy/test_sctp.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/test_sctp.te b/policy/test_sctp.te index df8606e..3b16db1 100644 --- a/policy/test_sctp.te +++ b/policy/test_sctp.te @@ -25,6 +25,7 @@ allow nfsd_t netlabel_sctp_peer_t:peer recv; gen_require(` type netlabel_peer_t; ') +mcs_constrained(netlabel_peer_t) # ############### Declare an attribute that will hold all peers ############### -- 2.23.1
