Ivan Makale wrote:
I'm studying SELinux and I'd like to find a clear explanation of the
syntax used in the setrans.conf file. Have anybody a web resource to
suggest?
So to give an example,
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh
Is '-' indicating a range between sensitivity levels and the ''.' a
range between categories? What's the difference between "s0" only and
"s0-s0"? And so on...
s0 only implies s0-s0
The first number in a sensitivity level range indicates the default level.
For the case of a process, this indicates you can use newrole to
transition to any of the levels in the range. For a directory, it
would indicate the allowable sensitively levels that can be placed in a
directory.
The . in a category is just a shorthand to indicate the sensitivity
level includes all categories from the beginning to the end. So
s0:c1.c5 is the same as s0:c1,c2,c3,c4,c5.
Thank you, Ivan Makale
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
