commit: d153318cce412ac7ca5bebf1c80a675e33b2065f Author: Kenton Groombridge <me <AT> concord <DOT> sh> AuthorDate: Wed Oct 13 17:38:09 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Nov 20 22:58:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d153318c
corenet: make netlabel_peer_t mcs constrained Signed-off-by: Kenton Groombridge <me <AT> concord.sh> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/kernel/corenetwork.te.in | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index 2ab19f55..9deaa2ed 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -53,6 +53,7 @@ network_packet_simple(icmp) # type netlabel_peer_t; sid netmsg gen_context(system_u:object_r:netlabel_peer_t,mls_systemhigh) +mcs_constrained(netlabel_peer_t) # # port_t is the default type of INET port numbers.