[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[redhat-lspp] Re: What is the preferered way of setting a machines maximum sensitivity?

From: Stephen Smalley <sds tycho nsa gov>
To: Daniel J Walsh <dwalsh redhat com>
Cc: redhat-lspp <redhat-lspp redhat com>, Chad Hanson <chanson TrustedCS com>
Subject: [redhat-lspp] Re: What is the preferered way of setting a machines maximum sensitivity?
Date: Fri, 16 Jun 2006 16:19:14 -0400

On Fri, 2006-06-16 at 15:44 -0400, Daniel J Walsh wrote:
> We need to be able to set the maximum login sensitivity on a machine in 
> such a way that the login programs and
> network aware applications enforce this.  How do you go about doing this?

If you want it applied system-wide rather than per-user, they are
automatically bounded by their high/clearance level, so if you set the
range_transition for them in policy (or explicitly run them in the
desired range in some manner, e.g. via runcon), then they shouldn't be
able to transition above that high/clearance.

-- 
Stephen Smalley
National Security Agency

References:
- [redhat-lspp] What is the preferered way of setting a machines maximum sensitivity?
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]