|
In the policy for the Trusted RUBIX DBMS, we assign
file contexts using the following (only one representative dir,
'backups', shown): ifdef(`enable_mls',` /var/lib/RUBIXdbms/backups(/.*)? gen_context(system_u:object_r:rubix_backup_t,mls_systemhigh) ') ifdef(`enable_mcs',` /var/lib/RUBIXdbms/backups(/.*)? gen_context(system_u:object_r:rubix_backup_t,mcs_systemhigh) ') When using the mls policy, I get the expected level of mls_systemhigh (s15:c0.c1023). But when using the targeted policy, I get an unexpected value for mcs_systemhigh. I would expect to get s0:c0.c1023, but get s0. I have verified this behavior on Fedora 9 and 12. Is my assumption wrong about what mcs_systemhigh should be or am I missing something? Relevant output from 'semanage fcontext -l' /var/lib/RUBIXdbms/backups(/.*)? all files system_u:object_r:rubix_backup_t:s0 Thanks, Andy |
