SELinux Mailing List

Re: Problem with semodule mls policy

From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Wed, 15 Mar 2006 16:21:05 -0500


Stephen Smalley wrote:
> On Wed, 2006-03-15 at 13:00 -0500, Joshua Brindle wrote:
>
>> I can buy this, as well as nodecons having different levels. The strange
>> thing is that you don't know what the levels are exactly, you just know
>> their relationships to each other. ie: eth0 is s1 and eth1 is s5 so eth1
>> is higher sensitivity even though I don't know what that sensitivity
>> means. How big of an issue is this? Chad?
>>
>> writing down files of different levels from within libsemanage means any
>> libsemanage client must be mls trusted, which may or may not be an
>> issue, I'm not sure.
>>
>> So, if this is an issue then both seusers and policy.20 need to be
>> labeled differently.. should this be done through libsemanage config or
>> some appconfig in the policy?
>>
>
> libsemanage could call matchpathcon and just use the returned context,
> as long as we guarantee an initial installed file_contexts file for
> bootstrapping. semanage.conf is not an option I suppose since it now
> lives directly in /etc/selinux and is policy-independent.
>
>

If you don't have an initial file_contexts file at install time, you are going to have a lot more problems than this.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Wed 15 Mar 2006 - 16:21:33 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service