From: clement.parard@gmail.com (Clément Parard)
Date: Wed, 24 Apr 2013 18:33:33 +0200
Subject: [refpolicy] write equal --> no write down
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello.

I would like to modify the policy/mls file to change the "write equal" to "no write down". However, despite several attempts, I have not succeeded. Is it possible to get help?

I work under CentOS 6.4. I have three users with three different /home; each has a different level of confidentiality (s0, s1, s2), and I'd get "no read up, no write down". "no read up" is ok by default but not "no write down".

Logically, I will edit this part:

# the "single level" file "write" ops
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
	(( l1 eq l2 ) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsfilewrite ) or
	 ( t2 == mlstrustedobject ));

# Directory "write" ops
mlsconstrain dir { add_name remove_name reparent rmdir }
	(( l1 eq l2 ) or
	 (( t1 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsfilewrite ) or
	 ( t2 == mlstrustedobject ));

Thank you in advance.

Cordially.

-- 
Clément Parard
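The file "write" constraint quoted in the message, modelled in Python to show which of the s0/s1/s2 users may write to which file levels. This is an added example, not code from the post or from refpolicy: the `Level`/`Ctx` classes and function names are hypothetical, and the `"domby"` variant (first clause `l1 domby l2` instead of `l1 eq l2`) is an assumed reading of "no write down", not a tested policy change. It models only this one constraint, not the directory constraint or the rest of the policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int                      # sensitivity: s0 -> 0, s1 -> 1, s2 -> 2
    cats: frozenset = frozenset()  # categories (none used in this example)

def dom(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    return a.sens >= b.sens and a.cats >= b.cats

def domby(a, b):
    """a is dominated by b."""
    return dom(b, a)

@dataclass(frozen=True)
class Ctx:
    low: Level                      # l1 / l2 in the constraint
    high: Level                     # h1 / h2 in the constraint
    attrs: frozenset = frozenset()  # type attributes held by t1 / t2

def file_write_ok(subj, obj, first_clause="eq"):
    """Evaluate the quoted file 'write' mlsconstrain expression.

    first_clause="eq"    -> ( l1 eq l2 ), as quoted in the post
    first_clause="domby" -> ( l1 domby l2 ), the assumed 'no write down' variant
    """
    l1, h1, t1 = subj.low, subj.high, subj.attrs
    l2, h2, t2 = obj.low, obj.high, obj.attrs
    base = (l1 == l2) if first_clause == "eq" else domby(l1, l2)
    return (base
            or ("mlsfilewritetoclr" in t1 and dom(h1, l2) and domby(l1, l2))
            or ("mlsfilewriteinrange" in t2 and dom(l1, l2) and domby(h1, h2))
            or "mlsfilewrite" in t1
            or "mlstrustedobject" in t2)

def matrix(first_clause):
    """Write decisions for single-level users and files at s0..s2 (constructed)."""
    levels = [Level(i) for i in range(3)]
    return {(f"s{u.sens}", f"s{f.sens}"):
            file_write_ok(Ctx(u, u), Ctx(f, f), first_clause)
            for u in levels for f in levels}

if __name__ == "__main__":
    for clause in ("eq", "domby"):
        allowed = sorted(k for k, v in matrix(clause).items() if v)
        print(clause, "->", allowed)
```

The exemption clauses still apply in both variants: a subject type carrying `mlsfilewrite`, or an object type carrying `mlstrustedobject`, passes the constraint regardless of levels.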