Gene Czarcinski gene at
Fri Sep 2 14:40:57 UTC 2005

I have been reviewing/following the MCS discussions on this mailing list, the 
LSPP mailing list, and the NSA selinux mailing list and it appears (to me) 
that MCS (Multiple Category System) capability may be sufficiently 
implemented to do some testing.

While I am more interested in a MLS (Multiple Level System) capability with 
selinux, MCS is pretty close since it is "simply" MLS (multi-levels, 
multi-categories) with a single level and multi-categories.

However, I do have some questions --

1.  Is most/all of the needed updates available for FC4 or should I plan to 
use the FC5-development packages?

2.  It appears that MCS is only available with targeted policy (not with the 
strict policy).  Are there plans to include it in strict at some future time?

3.  To me, a key capability to make either MLS or MCS practical is to 
implement polyinstantiation of /tmp and /home/<userid> directories so that 
different levels and/or categories with really have different directories.  
Has this been implemented?  How does it work?

4.  How do I enable MCS given that I am now running selinux-targeted in 
enforcing mode?

Comment:  While I understand that Red Hat folks would want to make a system 
upgrade to MCS NOT require a system relabel,  I (personally) do not consider 
it a big deal to require full relabeling to transition to either MCS or MLS.

5.  Is it the goal for MCS to make it fully implemented and an 
installation/upgrade option for FC5?

6.  Any tips on using MCS?

7.  Is there anything the developers would especially like tested?

8.  IIUC, "newrole -l" will be used to switch level & category on an MLS 
system and "just" category on an MCS system.  Is this correct?

9.  IIUC, the implementation supports a large number of levels (currently 10 
or s0-s9 but could be larger or smaller) and an even larger number of 
categories (currently 128 or c0-c127 but could be larger or smaller).  Is 
this correct?

10.  While the current implementation has levels specified as s0-s9 and 
categories as c0-c127, there needs to some way to relate these "internal" 
specifications to something more meaningful to real people.  For example, for 
sensitivity levels specifying s0=unclassified, s1=confidential, s2=secret, 
etc.  In a similar manner, categories need something like c0=foo, c1=bar, 
c2=CompanyPropin, etc.  Has anything been done with this in mind?  What are 
the plans for this?

Comment:  It sure would be nice to be able to do:

      newrole  -l  unclassified:CompanyPropin

Any comments/info appreciated.


More information about the fedora-selinux-list mailing list