Hi, I was trying to use mcstrans with mcs policy on debian and found out that it doesn't translate anything after s0 level. It works with s1, s2...sN (N>0) levels with mls policy. Here is the issue: https://github.com/SELinuxProject/selinux/issues/191 It seems that sensitivity level might affect translation process. When I change line 1316 (https://github.com/SELinuxProject/selinux/blob/master/mcstrans/src/mcstrans.c#L1316) in mcstrans from: int doInverse = l->sens > 0; to int doInverse = l->sens >= 0; mcstrans starts to translate contexts with s0 level. Why is there this constraint? Would it break something if we relaxed it? Maybe we should add some parameter to distinguish between mls and mcs, otherwise, we have a situation when mcstrans doesn't work with mcs policies. -- Regards, Denis Obrezkov
