Il 21-03-2018 22:32 Gary Tierney ha scritto:
Back in CentOS 6 every type was considered an "MCS constrained" type by
default.
CentOS 7 changed that behaviour by adding some constraints that only
considered a type MCS constrained if it was associated with a given
attribute
(see:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/mcs#L73).
So now category/compartment dominance is only considered if you have an
association between your type and the MCS attribute.
Interesting. What is/was the reasoning behind the change? I would
naively expect a CentOS6-like approach rather than the new one. Is is
possible to revert the the old behavior with something as an
all-or-nothing switch?
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
