[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: mls file level

From: Stephen Smalley <sds tycho nsa gov>
To: "Clarkson, Mike R (US SSA)" <mike clarkson baesystems com>
Cc: fedora-selinux-list redhat com
Subject: Re: mls file level
Date: Mon, 26 Nov 2007 12:59:38 -0500

On Mon, 2007-11-26 at 09:46 -0800, Clarkson, Mike R (US SSA) wrote:
> When a process creates a file, by default the file has the same mls
> level as the process. Is there a policy rule that can change the default
> behavior? I'm looking for something similar to the range_transition rule
> except that I want it to work for file level.

If your checkpolicy and kernel support policy version 21, then you can
define range_transition statements with class specifiers, ala:
	range_transition <source types> <target types : <target classes> <new
range>;

-- 
Stephen Smalley
National Security Agency

References:
- mls file level
  - From: Clarkson, Mike R \(US SSA\)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]