On Thu, Feb 19, 2015 at 07:40:48AM PST, Dominick Grift spake thusly: > The MCS implementation has been changed a bit over the years on the policy side. Is there a RHEL 6 version of the link I pasted below with up to date info? Lack of documentation and frequent changes rendering documentation obsolete combined with the inherent complexity of something like this are the main issues holding back SELinux adoption. > Back in the earlier day's MCS was enforced on all proceses in redhat distro's by default Yeah...I actually had it working in a test setup in RHEL 5 but never got it deployed widely. Now we are trying to redo it with RHEl 6 and running into issues. > Nowaday's that is no longer the case, and you need to opt-in for it by associating the mcs_constrained_type type attribute with the type of the process to constrain. > > In rhel6 this attribute name does not exist i suspect. It was renamed to aforementioned later. > > A seinfo -a | grep mcs might reveal the type attribute used for the same in RHEL6. (i think its something with trusted or untrusted, dunno for sure) I don't follow this part... The seinfo output is: # seinfo -a | grep mcs mcssetcats mcswriteall mcskillall mcsreadall mcsnetwrite mcsuntrustedproc mcsptraceall How do these type attributes relate to MCS? -- Tracy Reed
Attachment:
pgp9CI3iAkIFd.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
