On Fri, Oct 02, 2009 at 01:07:31PM -0400, Stephen Smalley wrote:
> On Fri, 2009-10-02 at 12:07 -0400, Stephen Smalley wrote:
> > On Fri, 2009-10-02 at 20:40 +0500, selinux@xxxxxxxx wrote:
> > > Hello, everyone.
> > > I'm just playing with MCS and trying to understand the system's behavior.
> > >
...
> > policy/mcs says:
> > mlsconstrain file { read }
> > (( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
>
> So it is operating in accordance with the policy configuration. As to
> whether the policy configuration makes sense is another question, I
> think.
Oh, thanks, I see now.
But is there any place, where I can read human definition
of reference policy? I suppose, there should be one, that describes
every requirement, that the policy should meet (or guarantee) to be "correct"
or "have sense".
So I (and everyone else) could know out whether there is a bug or a feature
of a policy.
>
> I don't think MCS and MLS should be reusing each other's attributes in
> constraints, as not everything that requires an exception under the one
> will need an exception under the other.
>
> --
> Stephen Smalley
> National Security Agency
BTW, someone abuses yor email to distribute win32 PEs.
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
