Dear All,

After switching on SELinux in MLS enforcing mode, I'd like to know how the slogan "no read up, no write down" works.

I created some text files with the following security contexts:

TestFile_S0     system_u:object_r:usr_t:s0
TestFile_S0C2   system_u:object_r:usr_t:s0:c2
TestFile_S1     system_u:object_r:usr_t:s1
TestFile_S2     system_u:object_r:usr_t:s2
TestFile_S2C11  system_u:object_r:usr_t:s2:c11
TestFile_S2C5   system_u:object_r:usr_t:s2:c5
TestFile_S3     system_u:object_r:usr_t:s3
TestFile_S3C14  system_u:object_r:usr_t:s3:c14
TestFile_S3C5   system_u:object_r:usr_t:s3:c5

After creating these text files, I went on to create users with different security clearances. The clearance of each created user is listed below:

Login Name  SELinux User  Role      MLS/MCS Range
first       x_first       xguest_r  s0
second      x_second      sysadm_r  s3-s3:c5.c15
third       x_third       sysadm_r  s1:c3.c15-s3:c5.c10
forth       x_forth       system_r  s1-s1:c0.c10
root        root          system_r  s0-s15:c0.c1023

Having delegated the clearance to each user, I expect user first to have read/write access to TestFile_S0 and just write access to all other files; user second to have read access to files such as TestFile_S0, TestFile_S0C2, TestFile_S2, TestFile_S2C5, TestFile_S2C11 and only write access to TestFile_S3, TestFile_S3C14.

When I switch to MLS enforcing mode, I see something else. These users have no permission to write to files they are expected to have write access to. I'd like to know where this problem originates.

Moreover, when user first lists the directory contents, only TestFile_S0, TestFile_S1, TestFile_S2 are listed and nothing else; user second sees TestFile_S0, TestFile_S1, TestFile_S2, TestFile_S3; users third and root see all files; user forth sees just TestFile_S0 and no more. I don't know why such lists are produced when I list the directory.

Any comment is welcome.

Best Regards
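The rule the post asks about, worked through as an added example (it is not part of the original post and is not code from any SELinux tool): a small Python model of textbook Bell-LaPadula, "no read up, no write down", applied to the labels and ranges listed above. It treats the high end of a user's range as the clearance checked for reads and the low end as the level checked for writes, and it rejects a range whose high level does not dominate its low level (the kernel's mls_range_isvalid makes the same check when it validates a context). It only models the slogan: the actual SELinux MLS policy adds constraints of its own (the reference policy's mls constraints, for instance, by default only allow writing a file at exactly the process's current level unless the type carries an attribute such as mlsfilewrite), so the table it prints is what pure BLP would say, not what a given policy enforces. The names Level, parse_range, access and access_matrix, and the FILES and USERS tables, are this example's own.

```python
import re
from dataclasses import dataclass

# Added example, not from the original post: pure Bell-LaPadula over
# SELinux-style MLS labels. A subject may read an object if the high end of
# its range dominates the object level (no read up) and may write it if the
# object level dominates the low end of its range (no write down). Real
# SELinux MLS policy adds further constraints; this models only the slogan.

MAX_SENS = 15    # s0..s15, as in the root range in the post
MAX_CAT = 1023   # c0..c1023


@dataclass(frozen=True)
class Level:
    sens: int
    cats: frozenset

    def dominates(self, other: "Level") -> bool:
        """a dominates b iff a's sensitivity >= b's and a's categories include b's."""
        return self.sens >= other.sens and self.cats >= other.cats


def parse_cats(text: str) -> frozenset:
    """Parse 'c5.c15' (a range), 'c2', or comma lists such as 'c1,c5.c7'."""
    cats = set()
    for part in text.split(","):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError(f"bad category spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi or hi > MAX_CAT:
            raise ValueError(f"bad category range: {part!r}")
        cats.update(range(lo, hi + 1))
    return frozenset(cats)


def parse_level(text: str) -> Level:
    """Parse 's2:c11' or 's0' into a Level."""
    m = re.fullmatch(r"s(\d+)(?::(.+))?", text)
    if not m or int(m.group(1)) > MAX_SENS:
        raise ValueError(f"bad level: {text!r}")
    cats = parse_cats(m.group(2)) if m.group(2) else frozenset()
    return Level(int(m.group(1)), cats)


def parse_range(text: str):
    """Parse 'low-high' (or a single level) into (low, high).
    Like the kernel's mls_range_isvalid, require high to dominate low."""
    low_txt, _, high_txt = text.partition("-")
    low = parse_level(low_txt)
    high = parse_level(high_txt) if high_txt else low
    if not high.dominates(low):
        raise ValueError(f"high level does not dominate low level: {text!r}")
    return low, high


def range_is_valid(text: str) -> bool:
    try:
        parse_range(text)
        return True
    except ValueError:
        return False


def file_level(context: str) -> Level:
    """Extract the MLS level from a full context like system_u:object_r:usr_t:s2:c11."""
    _user, _role, _type, level = context.split(":", 3)
    return parse_level(level)


def access_bits(low: Level, high: Level, obj: Level) -> str:
    """'r', 'w', 'rw' or '-' under pure BLP for a subject with range low-high."""
    r = high.dominates(obj)   # no read up: clearance must dominate the object
    w = obj.dominates(low)    # no write down: object must dominate current level
    return ("r" if r else "") + ("w" if w else "") or "-"


def access(user_range: str, context: str) -> str:
    low, high = parse_range(user_range)
    return access_bits(low, high, file_level(context))


# Constructed sample input: the file contexts and user ranges from the post.
FILES = {
    "TestFile_S0": "system_u:object_r:usr_t:s0",
    "TestFile_S0C2": "system_u:object_r:usr_t:s0:c2",
    "TestFile_S1": "system_u:object_r:usr_t:s1",
    "TestFile_S2": "system_u:object_r:usr_t:s2",
    "TestFile_S2C11": "system_u:object_r:usr_t:s2:c11",
    "TestFile_S2C5": "system_u:object_r:usr_t:s2:c5",
    "TestFile_S3": "system_u:object_r:usr_t:s3",
    "TestFile_S3C14": "system_u:object_r:usr_t:s3:c14",
    "TestFile_S3C5": "system_u:object_r:usr_t:s3:c5",
}
USERS = {
    "first": "s0",
    "second": "s3-s3:c5.c15",
    "third": "s1:c3.c15-s3:c5.c10",
    "forth": "s1-s1:c0.c10",
    "root": "s0-s15:c0.c1023",
}


def access_matrix(users=USERS, files=FILES):
    """Map user -> {file: bits}; a user whose range fails validation maps to None."""
    matrix = {}
    for user, rng in users.items():
        if not range_is_valid(rng):
            matrix[user] = None
            continue
        low, high = parse_range(rng)
        matrix[user] = {f: access_bits(low, high, file_level(c)) for f, c in files.items()}
    return matrix


if __name__ == "__main__":
    for user, row in access_matrix().items():
        if row is None:
            print(f"{user:8} invalid range (high does not dominate low): {USERS[user]}")
            continue
        print(f"{user:8} " + " ".join(f"{f}={bits}" for f, bits in row.items()))
```

Running the block prints one row per user. Under this model user first gets rw on TestFile_S0 and w on everything else, user second gets r on every file except TestFile_S0C2 (c2 is outside c5.c15) and rw on the three s3 files, and the third range is reported as invalid because its low level carries categories its high level lacks.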