[redhat-lspp] MCS support

Stephen Smalley sds at tycho.nsa.gov
Wed Jul 13 13:27:09 UTC 2005


On Wed, 2005-07-13 at 09:00 -0400, Daniel J Walsh wrote:
> Yes, We need all files/processes to be s0.
> 
> Could it just be inferred from the
> sid file_labels system_u:object_r:unlabeled_t:s9:c0.c127
> 
> Or some other default.
> 
> So you could default the missing parts from some initial_sid_context

Hmm...well, SELinux already uses initial sid 'file' as the default label
for any files that lack an xattr, so that would normally also be set to
system high under a MLS policy, I would assume.  So possibly the kernel
could use the MLS value from that initial SID context as the default MLS
value?

-- 
Stephen Smalley
National Security Agency




More information about the redhat-lspp mailing list