Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Another place where policy blows up because of translations in MCS.
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Tue, 30 Aug 2005 12:09:31 -0400
That looks correct to me. file_contexts for MCS should include the s0 component. The goal wasn't to allow you to ship policy without MLS fields, just to not require a complete relabeling of the filesystem upon an upgrade from non-MLS to MLS/MCS. A while back, I added the 'make mlsconvert' target to the policy Makefile to allow simple conversion to a MLS enabled policy from the example policy. On a different note, is anyone working on kernel patch to cause SELinux to set the on-disk xattr to be consistent with the incore inode security label when it lacks the MLS field, so that getxattr will subsequently return the right value? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 30 Aug 2005 - 12:12:44 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |