If the SECLABEL class is active and the file or directory has a security label, the current security label of the process must be greater than or equal to the security label of the resource or the security label of the resource must be greater than or equal to the current security label of the process, that is, the security labels are not disjoint. If MLFSOBJ is active, a failure will occur if the resource does not have a security label. Security label checking is bypassed if the ACEE indicates trusted or privileged authority or if the service has passed a system CRED. Security label checking will also be bypassed for the users with the AUDITOR attribute that are setting the audit options.