[redhat-lspp] Re: What is the preferered way of setting a machines maximum sensitivity?
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 16 20:19:14 UTC 2006
On Fri, 2006-06-16 at 15:44 -0400, Daniel J Walsh wrote:
> We need to be able to set the maximum login sensitivity on a machine in
> such a way that the login programs and
> network aware applications enforce this. How do you go about doing this?
If you want it applied system-wide rather than per-user, they are
automatically bounded by their high/clearance level, so if you set the
range_transition for them in policy (or explicitly run them in the
desired range in some manner, e.g. via runcon), then they shouldn't be
able to transition above that high/clearance.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list