[redhat-lspp] MCS support
Stephen Smalley
sds at tycho.nsa.gov
Wed Jul 13 13:27:09 UTC 2005
On Wed, 2005-07-13 at 09:00 -0400, Daniel J Walsh wrote:
> Yes, We need all files/processes to be s0.
>
> Could it just be inferred from the
> sid file_labels system_u:object_r:unlabeled_t:s9:c0.c127
>
> Or some other default.
>
> So you could default the missing parts from some initial_sid_context
Hmm...well, SELinux already uses initial sid 'file' as the default label
for any files that lack an xattr, so that would normally also be set to
system high under a MLS policy, I would assume. So possibly the kernel
could use the MLS value from that initial SID context as the default MLS
value?
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list