diff --git a/mls b/mls
index d5942c36f8a39e70d9818d4c8c591a20ab1cb3c0..06a9d09dbd5908b097f0aa0f99d7f034ee4dfda9 100644
--- a/mls
+++ b/mls
@@ -64,7 +64,7 @@ mlsconstrain dir_file_class_set { create relabelfrom relabelto }
 mlsconstrain dir { read getattr search }
 	     (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
-mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { open execute }
 	     (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 # Write operations: Subject must be dominated by the object unless the