Thanks, Stephen, if Richard haunts here, I'll let him comment. (Then I can send him my other errata! :->) Just a couple of comments: 1. I know the contexts are valid, but they are inconsistent with other contexts on that page (especially s10), and with other, related pages applicable to different versions. Given their context, they seem out of place. 2. There is a lot of historical and out of date SELinux information out there, I have no illusions about trying to correct it all, and I know this particular wiki isn't updated anymore, but it is there and present and if incorrect then misleading - that's why I reached out to the list - the information in github is organized quite differently and doesn't intersect completely with this particular wiki. Thanks, P Peter Whittaker EdgeKeep Inc. www.edgekeep.com +1 613 864 5337 +1 613 864 KEEP Peter Whittaker EdgeKeep Inc. www.edgekeep.com +1 613 864 5337 +1 613 864 KEEP On Fri, May 15, 2020 at 4:20 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Fri, May 15, 2020 at 4:02 PM Peter Whittaker <pww@xxxxxxxxxxxx> wrote: > > > > Folks, with whom I can verify whether there are errors on the SELinux > > Project Wiki? > > As noted on the front page, selinuxproject.org isn't being updated and > is just historical at this point. Anything new should go into the > GitHub SELinuxProject wiki(s) instead. > > > Details: It looks like MCS information is missing from a few security > > contexts on https://selinuxproject.org/page/NB_SQL_9.3 > > I think that particular page was derived from the SELinux Notebook, > which was written by Richard Haines. > Not sure if he is still updating it but he frequents the list. > > > The schema row has > > > > security_label = 'unconfined_u:object_r:sepgsql_schema_t:s10' > > > > which should likely be > > > > security_label = 'unconfined_u:object_r:sepgsql_schema_t:s0:c10' > > Those are two different contexts, both valid (if using MLS policy). > Under MLS policy, there are multiple sensitivity levels (s0, s1, ...). > The category set is optional and can be omitted if empty. > > > Likewise, the database row has > > > > context = 'unconfined_u:object_r:postgresql_db_t:s0' > > > > but I'm unsure whether this should be as is or whether it should also > > have MCS info. > > That's also a valid context. > > > With whom can I verify this? (Not using PostgreSQL, just noticing > > errors as I crawl through my hardcopy of the handbook.)