Hi,
In FC11, is there a limit to the number of category elements that can be compared to make access decisions using MCS? My understanding is that up to 1024 categories can be assigned in setrans.conf, however, only six or fewer categories can be used for comparision to make access decisions.
For example, when I assign a login user to 7 categories (e.g., s:0, c1, c2, c5, c8, c11, c12, c19) and label a file with the exact same categories number, permission is denied if the user tries to cat out the file(Unix dacl permissions allow the user read access)
When I assign less than 7 of the exact same categories to the file and user, the user can open the file.
I've tried using ranges (c2.c5, c10.c18, etc ), and found that there appears to be a four element limitation with the range notation.
Does this sound right?
Thanks.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list