[redhat-lspp] mls level to without classification
Linda Knippers
linda.knippers at hp.com
Mon Aug 28 18:05:50 UTC 2006
Stephen Smalley wrote:
> Using compat_net isn't difficult; it just requires reverting the change
> to libselinux so that it won't be overwritten upon policy load, and then
> putting something in your certification package to enable it manually,
> most likely by echo'ing a 1 to /selinux/compat_net from rc.sysinit or
> similar. So that is certainly doable if you need it.
I didn't see any more mail on this subject but reverting the change
to libselinux sounds like a good idea to me, even if we do include
secmark in the LSPP evaluation. If the default for the kernel parameter
is to use secmark then the only people who have to worry about the
setting are the ones who want legacy controls. Having a way for them
to turn it on without it being turned off again seems like a good
idea.
-- ljk
More information about the redhat-lspp
mailing list