James Morris wrote:
On Tue, 27 Jan 2009, KaiGai Kohei wrote:
At the LCA example, I assigned sepgsql_fixed_table_t on the
"drink" table, so newly inserted tuples also inherit it.
Can this type be anything defined by the admin?
YES, as follows:
CREATE TABLE drink (
id integer primary key,
name text security_label = 'system_u:object_r:example_foo_t',
price integer
) security_label = 'system_u:object_r:example_var_t';
It enables to create a table/columns with specified context.
and,
INSERT INTO drink (security_label, id, name, price)
VALUES ('system_u:object_r:example_baz_t', 1, 'coffee', 120);
It enables to insert a tuple with specified context.
(*) security_label is a system column, so it automatically
generated for all tables, and not expanded by "SELECT *".
Why is MCS being used in the example? Would anything stop the examples
using types such as "marketing_department_t" and "research_department_t",
with no MCS ?
It is possible, if we make an example policy module.
Thanks,
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
