[redhat-lspp] mls level to without classification
Stephen Smalley
sds at tycho.nsa.gov
Mon Aug 28 18:35:28 UTC 2006
On Mon, 2006-08-28 at 14:05 -0400, Linda Knippers wrote:
> Stephen Smalley wrote:
> > Using compat_net isn't difficult; it just requires reverting the change
> > to libselinux so that it won't be overwritten upon policy load, and then
> > putting something in your certification package to enable it manually,
> > most likely by echo'ing a 1 to /selinux/compat_net from rc.sysinit or
> > similar. So that is certainly doable if you need it.
>
> I didn't see any more mail on this subject but reverting the change
> to libselinux sounds like a good idea to me, even if we do include
> secmark in the LSPP evaluation. If the default for the kernel parameter
> is to use secmark then the only people who have to worry about the
> setting are the ones who want legacy controls. Having a way for them
> to turn it on without it being turned off again seems like a good
> idea.
Yes, already done in libselinux 1.30.27.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list