MCS Levels and Ranges
Stephen Smalley
sds at tycho.nsa.gov
Wed Apr 15 12:27:28 UTC 2009
On Tue, 2009-04-14 at 16:01 -0700, Brian Ginn wrote:
> How should I interpret the following?
> The MCS Level and Range are confusing me.
> Or perhaps the difference between user and login is confusing me.
>
> 'semanage login -l' shows user_u has Range s0
> 'semanage user -l' shows user_u has Level s0 and Range SystemLow-SystemHigh
No, semanage login -l shows that by default, all Linux users are mapped
to the SELinux user identity user_u and assigned the range s0 at login
time. semanage user -l shows that SELinux user identity user_u is
authorized for the range SystemLow-SystemHigh in the security policy.

There are two distinct user identities:
1) The Linux user identities as defined by the passwd database,
2) The SELinux user identities defined in the security policy
configuration.

semanage login acts on the "seusers" configuration, which defines how to
map each Linux user identity to a SELinux user identity and a login
range. semanage user acts on the policy-defined SELinux user identities
and their associated roles and range.

The range for the Linux user must be a subset of the range for the
SELinux user. But multiple Linux users with different ranges might be
mapped to a single SELinux user whose range covers all of their
individual ranges.
>
> [root at rhel5 ~]# semanage login -l
>
> Login Name      SELinux User    MLS/MCS Range
>
> __default__     user_u          s0
> root            root            SystemLow-SystemHigh
> [root at rhel5 ~]# semanage user -l
>
> SELinux User    Labeling Prefix    MLS/MCS Level    MLS/MCS Range            SELinux Roles
>
> root            user               s0               SystemLow-SystemHigh     system_r sysadm_r user_r
> system_u        user               s0               SystemLow-SystemHigh     system_r
> user_u          user               s0               SystemLow-SystemHigh     system_r sysadm_r user_r
> [root at rhel5 ~]#
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen Smalley
National Security Agency
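The subset rule above (the login range from seusers must lie inside the range the policy authorizes for the SELinux user) is easy to check mechanically. The script below is an added example, not code from this thread or from the semanage tool: it parses the two listings in the column layout shown in the quoted RHEL5 output (newer semanage versions add or drop columns), compares ranges using MLS dominance (equal-or-higher sensitivity and a superset of categories), and reports every login whose range exceeds its SELinux user's range. The sample listings are constructed from the quoted output, and the translation of SystemLow/SystemHigh to concrete levels is an assumption that depends on the loaded policy (the values used are those of the MCS targeted policy; an MLS policy would define SystemHigh as s15:c0.c1023).

```python
"""Check that each seusers login range is within its SELinux user's range.

Added example for the thread above, not part of the original post.
Sample listings are constructed from the quoted semanage output.
"""
import re

# ASSUMPTION: policy-dependent aliases.  MCS targeted policy uses these;
# an MLS policy would map SystemHigh to s15:c0.c1023 instead.
LEVEL_ALIASES = {"SystemLow": "s0", "SystemHigh": "s0:c0.c1023"}

# Constructed sample listings (RHEL5 column layout from the thread).
SEMANAGE_LOGIN = """\
Login Name                SELinux User              MLS/MCS Range

__default__               user_u                    s0
root                      root                      SystemLow-SystemHigh
"""

SEMANAGE_USER = """\
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

root            user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
system_u        user       s0         SystemLow-SystemHigh           system_r
user_u          user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
"""


def parse_level(text):
    """Parse 'sN' or 'sN:c1,c3.c5' into (sensitivity, frozenset of category numbers)."""
    text = LEVEL_ALIASES.get(text, text)
    m = re.fullmatch(r"s(\d+)(?::(.+))?", text)
    if not m:
        raise ValueError(f"bad level: {text!r}")
    cats = set()
    if m.group(2):
        for part in m.group(2).split(","):      # e.g. "c1" or "c3.c5"
            lo, _, hi = part.partition(".")
            lo_n = int(lo[1:])
            hi_n = int(hi[1:]) if hi else lo_n
            cats.update(range(lo_n, hi_n + 1))
    return int(m.group(1)), frozenset(cats)


def parse_range(text):
    """'low-high' or just 'low' (meaning low == high) -> (low_level, high_level)."""
    low, _, high = text.partition("-")
    return parse_level(low), parse_level(high or low)


def dominates(a, b):
    """MLS dominance: a >= b in sensitivity and a's categories are a superset of b's."""
    return a[0] >= b[0] and a[1] >= b[1]


def range_within(inner, outer):
    """inner=[lo_i,hi_i] is inside outer=[lo_o,hi_o] iff lo_i >= lo_o and hi_i <= hi_o."""
    return dominates(inner[0], outer[0]) and dominates(outer[1], inner[1])


def parse_logins(text):
    """semanage login -l -> {linux_login: (selinux_user, range_text)}."""
    out = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] == "Login":   # skip header and blank lines
            continue
        out[cols[0]] = (cols[1], cols[2])
    return out


def parse_users(text):
    """semanage user -l (RHEL5 layout: name, prefix, level, range, roles...) -> {user: range}."""
    out = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "SELinux":  # skip the two header rows and blanks
            continue
        out[cols[0]] = cols[3]
    return out


def check_mappings(login_text, user_text):
    """Return {login: (ok, reason)}; ok is False when the login range exceeds the
    SELinux user's range or the SELinux user does not exist in the policy."""
    users = parse_users(user_text)
    results = {}
    for login, (seuser, rng) in parse_logins(login_text).items():
        if seuser not in users:
            results[login] = (False, f"SELinux user {seuser} not defined in policy")
            continue
        ok = range_within(parse_range(rng), parse_range(users[seuser]))
        verdict = "within" if ok else "exceeds"
        results[login] = (ok, f"{rng} {verdict} {seuser} range {users[seuser]}")
    return results


if __name__ == "__main__":
    for login, (ok, why) in check_mappings(SEMANAGE_LOGIN, SEMANAGE_USER).items():
        print(f"{'OK ' if ok else 'BAD'} {login}: {why}")
```

On a live system the two listings would come from `semanage login -l` and `semanage user -l`; the column positions assumed here are the RHEL5 ones shown in the thread, so adjust parse_users if your semanage prints a different layout.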