authorDominick Grift <dominick.grift@defensec.nl>2023-08-26 09:24:37 +0200
committerDominick Grift <dominick.grift@defensec.nl>2023-08-26 09:26:02 +0200
commit11e27dc9ec7288b7bfb2ff6828f1fe2ced50e774 (patch)
tree29850bcd1c9a746dd3bb3dbab4bc0b522e94ed5a /src
parentcfe376eda3c6cb25af5df856ed4ff74232d6b800 (diff)
downloadselinux-policy-11e27dc9ec7288b7bfb2ff6828f1fe2ced50e774.tar.gz
Mounts on sock files indicates a bug
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src')
-rw-r--r--src/file.cil2
-rw-r--r--src/fs.cil2
-rw-r--r--src/invalid.cil2
-rw-r--r--src/unlabeled.cil2
4 files changed, 4 insertions, 4 deletions
diff --git a/src/file.cil b/src/file.cil
index a393021..16f165f 100644
--- a/src/file.cil
+++ b/src/file.cil
@@ -844,7 +844,7 @@
(allow typeattr file.typeattr
(lnk_file (not (audit_access execmod map mounton))))
(allow typeattr file.typeattr
- (sock_file (not (audit_access execmod map))))))
+ (sock_file (not (audit_access execmod map mounton))))))
(in unconfined
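Review bot: The reason for excluding `mounton` from the `sock_file` rule is recorded only in the commit subject, so the policy source itself gives a later reader no hint why unconfined subjects lose this one permission. A comment above the rule would keep that visible, for example `;; mounton excluded on purpose: a mount on a sock_file indicates a bug`. The same applies to the matching rules in src/fs.cil, src/invalid.cil and src/unlabeled.cil. After this change the `lnk_file` and `sock_file` exclusion lists are identical in each file, so a shared named permission set would presumably keep the four copies from drifting apart. The enclosing block starts and ends outside the hunk, so whether a `dontaudit` elsewhere hides the resulting denials cannot be judged from here. For the change to surface the bug it describes, `mounton` denials on `sock_file` should stay audited.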
diff --git a/src/fs.cil b/src/fs.cil
index f8051ce..da3d942 100644
--- a/src/fs.cil
+++ b/src/fs.cil
@@ -586,7 +586,7 @@
(allow typeattr fs.typeattr
(lnk_file (not (audit_access execmod map mounton))))
(allow typeattr fs.typeattr
- (sock_file (not (audit_access execmod map))))))
+ (sock_file (not (audit_access execmod map mounton))))))
(in invalid.unconfined
diff --git a/src/invalid.cil b/src/invalid.cil
index c5c20be..b11a4e0 100644
--- a/src/invalid.cil
+++ b/src/invalid.cil
@@ -434,7 +434,7 @@
(allow typeattr .invalid
(lnk_file (not (audit_access execmod map mounton relabelto))))
(allow typeattr .invalid
- (sock_file (not (audit_access execmod map relabelto))))))
+ (sock_file (not (audit_access execmod map mounton relabelto))))))
(in unconfined
diff --git a/src/unlabeled.cil b/src/unlabeled.cil
index bccde44..1703472 100644
--- a/src/unlabeled.cil
+++ b/src/unlabeled.cil
@@ -375,7 +375,7 @@
(allow typeattr .unlabeled
(lnk_file (not (audit_access execmod map mounton relabelto))))
(allow typeattr .unlabeled
- (sock_file (not (audit_access execmod map relabelto))))))
+ (sock_file (not (audit_access execmod map mounton relabelto))))))
(in unconfined