[redhat-lspp] Just noticed a problem with semanage/semodule and SELinux policy
Stephen Smalley
sds at tycho.nsa.gov
Thu Jan 25 11:57:08 UTC 2007
On Wed, 2007-01-24 at 16:37 -0500, Daniel J Walsh wrote:
> Currently you can run semanage/semodule at SystemLow and they end up
> creating files in /etc/selinux/mls/seusers and
> /etc/selinux/mls/policy/policy.21 at SystemLow.
>
> The system defaults say they should be at SystemHigh. I am not sure why
> they are specified at SystemHigh, but we either need to change the
> specification or lots of other files need to be moved to system high and
> perhaps only allow semanage to run at SystemHigh.
>
> Running semanage at SystemHigh ends up creating a bunch of files at
> SystemHigh that should be SystemLow, also. So no easy fix.

Running semanage/semodule at SystemLow and using range_transition to
transition the files to SystemHigh may work. But are they truly
SystemHigh in their data?
--
Stephen Smalley
National Security Agency
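
Added example, not part of either message: one way to list files whose on-disk MLS level differs from the file_contexts default, which is the mismatch discussed above. The file_contexts entries, paths and labels are constructed sample data, and matching is simplified so that the last matching entry wins.

```python
import re

# Constructed sample data, not taken from the thread. Raw MLS levels are used:
# in the MLS policy s0 displays as SystemLow, s15:c0.c1023 as SystemHigh.
FILE_CONTEXTS = """\
# pattern  [file type]  default context
/etc/selinux/mls/seusers  --  system_u:object_r:selinux_config_t:s15:c0.c1023
/etc/selinux/mls/policy(/.*)?  system_u:object_r:policy_config_t:s15:c0.c1023
/etc/selinux/mls/contexts(/.*)?  system_u:object_r:default_context_t:s0
"""

# (path, context found on disk), e.g. as collected from `ls -Z`. Constructed.
ON_DISK = [
    ("/etc/selinux/mls/seusers", "system_u:object_r:selinux_config_t:s0"),
    ("/etc/selinux/mls/policy/policy.21", "system_u:object_r:policy_config_t:s0"),
    ("/etc/selinux/mls/contexts/default_type", "system_u:object_r:default_context_t:s0"),
    ("/etc/selinux/mls/contexts/files/file_contexts",
     "system_u:object_r:default_context_t:s15:c0.c1023"),
]

def parse_specs(text):
    """Return [(compiled pattern, default context)] from file_contexts text."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # The optional middle field (e.g. "--") restricts file type; ignored here.
        specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def mls_range(context):
    """user:role:type:range -> range (the range itself may contain ':')."""
    return context.split(":", 3)[3]

def level_mismatches(specs, labels):
    """List (path, actual range, expected range) where the two differ."""
    found = []
    for path, actual in labels:
        expected = None
        for pattern, context in specs:  # simplification: last match wins
            if pattern.fullmatch(path):
                expected = context
        if expected and mls_range(actual) != mls_range(expected):
            found.append((path, mls_range(actual), mls_range(expected)))
    return found

if __name__ == "__main__":
    for path, actual, expected in level_mismatches(parse_specs(FILE_CONTEXTS), ON_DISK):
        print(f"{path}: on disk {actual}, default {expected}")
```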