auditctl se_sen & se_clr
Stephen Smalley
sds at tycho.nsa.gov
Fri May 19 15:17:49 UTC 2006
On Fri, 2006-05-19 at 10:07 -0500, Michael C Thompson wrote:
> Hey all,
>
> I'm trying to figure out how the se_sen and se_clr labels are supposed
> to be used with auditctl.
>
> Here is the selinux context:
> subj=root:staff_r:staff_t:s0-s15:c0.c255
> ^ ^ ^ ^
> se_user ^ se_type ^
> se_role se_clr & se_sen
>
> What is the difference between se_clr and se_sen? And if you have any
> enlightening examples, that would be appreciated.
IIRC, se_sen is how audit refers to the low level (aka sensitivity,
current level) and se_clr is how audit refers to the high level (aka
clearance, max level) of a MLS range in a SELinux context. In the
context above, the se_sen would be the "s0" and the se_clr would be the
"s15:c0.c255".
--
Stephen Smalley
National Security Agency
More information about the Linux-audit
mailing list