Hi,
In FC11, is there a limit to the number of category elements that can be compared to make
access decisions using MCS? My understanding is that up to 1024 categories can be assigned
in setrans.conf, however, only six or fewer categories can be used for comparision to make
access decisions..
For example, when I assign a login user to 7 categories (e.g., s:0, c1, c2, c5, c8, c11,
c12, c19) and label a file with the exact same categories number, permission is denied if
the user tries to cat out the file(Unix dacl permissions allow the user read access)
When I assign less than 7 of the exact same categories to the file and user, the user can
open the file.
I've tried using ranges (c2.c5, c10.c18, etc ), and found that there appears to be a
four element limitation with the range notation.
Does this sound right?
Thanks.