On Thu, 2005-05-26 at 09:41 +0300, George J. Jahchan wrote: > Is there a way in SE Linux to set security levels to sources / targets and deny > access from a source to any target whose security level is higher than that of > the source? Yes, but the MLS support wasn't enabled in FC3. It is included in the FC4 kernels, but is only enabled if you build a MLS-enabled policy (by default, MLS is disabled in the policy). Dan Walsh has an experimental MLS policy package that he is presently maintaining on his site (see the selinux-policy-mls* packages under ftp://people.redhat.com/dwalsh/SELinux/Fedora/) that should be available in the FC5 development tree when it opens (after FC4 is released). Alternatively, you can emulate MLS in SELinux via TE rules, by defining domains and types that correspond to the desired MLS levels and explicitly defining how they may interact via TE allow rules in a manner that is consistent with MLS restrictions. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
