On Wed, 2011-08-17 at 11:27 -0400, rarob@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Stephen,
> Basically I need to be able to run the equivalent of '/sbin/service *
> status' for any service, and eventually start/stop as well. I *think* I
> may have cracked a good chunk of it (the status portion) by adding
> 'domain_dontaudit_ptrace_all_domains()' and 'allow myDomain_t pidfile:
> {read getattr ioctl}'.
> I guess my understanding of SELinux is missing how the levels apply to a
> basic targeted policy. I had thought they didn't apply. Eventually we
> do want our policy to support MLC/MCS and ultimately the LSPP. If we're
> not running MCS/MLS does the SystemLow/SystemHigh ranges actually apply?
As of RHEL5 and later, the targeted policy includes MCS.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
