On Fri, 2 Sep 2005, Stephen Smalley wrote: > > 5. Is it the goal for MCS to make it fully implemented and an > > installation/upgrade option for FC5? > > Fully implemented IIUC. Yes, our hope is to make MCS the default for FC5, and for nobody to notice it's even there unless they start using category labels. It still needs some work. > > 8. IIUC, "newrole -l" will be used to switch level & category on an MLS > > system and "just" category on an MCS system. Is this correct? > > I would expect so, although possibly newrole could take an option just > for category setting. You should not need to change levels under MCS. In fact, a property of MCS is that processes always run at the same level "s0" and the high range clearance is only used for determining access to categories. If this is not enforced by policy yet, it probably should be. I'm planning on documenting MCS in more detail once we have a few more issues sorted out and hopefully ready to enable in rawhide. - James -- James Morris <jmorris@xxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
