MLS extension and non-base modules
Stephen Smalley
sds at tycho.nsa.gov
Wed Oct 25 14:54:06 UTC 2006
On Wed, 2006-10-25 at 10:12 -0400, Sandra Julieta Rueda Rodriguez wrote:
> Hello,
>
> Since the recommendation is to work with modules. I was wondering if this
> is still true for the mls extension:
>
> "Security level statements are valid only in monolithic policies and base
> loadable modules. They are not valid in conditional statemens and non-base
> loadable modules".
> (Security level statements refers to sensitivity definition).
>
> So, in the case of an mls extension I have to work with a monolithic
> policy, is that right?
Not necessarily; you can still use modular policy, but you have to
replace the base module with one that contains your new definitions.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list