Re: MCS
On Friday 02 September 2005 17:09, James Morris wrote:
On Fri, 2 Sep 2005, Gene Czarcinski wrote:
> 6. Any tips on using MCS?
The usage scenario is intended to be flexible:
1) Create names for your categories
where is this specified?
2) Assign users to categories
where is this specified?
3) Let users label their files with the categories as they see fit
So, a simple example might be:
a) Define c1 to mean "Company_Confidential"
b) Configure all users to have access to c1
c) Users add this label to files like "secret_product_plan.pdf"
d) httpd, ftpd etc. can't access the file anymore
e) When printed, this category label is automatically added to the header
and footer of each page or a cover sheet (once labeled printing is
completed).
Also, in /etc/sysconfig/selinux, do I need to specify SELINUXTYPE=mcs ?
I assume I need to install the packages that are in
ftp://people.redhat.com/dwalsh/selinux ... especially those under mcs.
BTW, it would be nice if the src.rpm packages were available also (e.g.,
libsetrans) so that I could look at the code if I have any questions.
Also, I assume that polyinstantiation of /tmp and /home is not planned for MCS
but intended only for MLS ... correct? I assume this since you did not
mention the use of "newrole" with respect to MCS.
Gene