On Fri, May 15, 2020 at 4:02 PM Peter Whittaker <pww@xxxxxxxxxxxx> wrote: > > Folks, with whom I can verify whether there are errors on the SELinux > Project Wiki? As noted on the front page, selinuxproject.org isn't being updated and is just historical at this point. Anything new should go into the GitHub SELinuxProject wiki(s) instead. > Details: It looks like MCS information is missing from a few security > contexts on https://selinuxproject.org/page/NB_SQL_9.3 I think that particular page was derived from the SELinux Notebook, which was written by Richard Haines. Not sure if he is still updating it but he frequents the list. > The schema row has > > security_label = 'unconfined_u:object_r:sepgsql_schema_t:s10' > > which should likely be > > security_label = 'unconfined_u:object_r:sepgsql_schema_t:s0:c10' Those are two different contexts, both valid (if using MLS policy). Under MLS policy, there are multiple sensitivity levels (s0, s1, ...). The category set is optional and can be omitted if empty. > Likewise, the database row has > > context = 'unconfined_u:object_r:postgresql_db_t:s0' > > but I'm unsure whether this should be as is or whether it should also > have MCS info. That's also a valid context. > With whom can I verify this? (Not using PostgreSQL, just noticing > errors as I crawl through my hardcopy of the handbook.)
