Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   mls file level (http://www.linux-archive.org/fedora-selinux-support/5546-mls-file-level.html)

"Clarkson, Mike R (US SSA)" 11-26-2007 04:46 PM
mls file level
 
When a process creates a file, by default the file has the same mls
level as the process. Is there a policy rule that can change the default
behavior? I'm looking for something similar to the range_transition rule
except that I want it to work for file level.

Thanks


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Stephen Smalley 11-26-2007 04:59 PM
mls file level
 
On Mon, 2007-11-26 at 09:46 -0800, Clarkson, Mike R (US SSA) wrote:
> When a process creates a file, by default the file has the same mls
> level as the process. Is there a policy rule that can change the default
> behavior? I'm looking for something similar to the range_transition rule
> except that I want it to work for file level.

If your checkpolicy and kernel support policy version 21, then you can
define range_transition statements with class specifiers, ala:
range_transition <source types> <target types : <target classes> <new
range>;

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


All times are GMT. The time now is 05:12 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.