[redhat-lspp] mls level to without classification
Klaus Weidner
klaus at atsec.com
Mon Aug 21 21:40:04 UTC 2006
On Mon, Aug 21, 2006 at 02:42:59PM -0300, Rodrigo Vivi wrote:
> Is it possible to change the mls level of a file to "without classification" ?
You can give it the "trusted object" attribute which will allow access
without MLS restrictions (access will still be controlled by
DAC/RBAC/TE).
Look for "mls_trusted_object" entries in the refpolicy source for
examples. For a quick&dirty hack, you could try labeling the file as
"dev_null_t" which is such a trusted object in the default MLS config.
-Klaus
More information about the redhat-lspp
mailing list