MCS
Gene Czarcinski
gene at czarc.net
Fri Sep 2 21:51:35 UTC 2005
On Friday 02 September 2005 17:09, James Morris wrote:
> On Fri, 2 Sep 2005, Gene Czarcinski wrote:
> > 6. Any tips on using MCS?
>
> The usage scenario is intended to be flexible:
>
> 1) Create names for your categories
where is this specified?
> 2) Assign users to categories
where is this specified?
> 3) Let users label their files with the categories as they see fit
>
> So, a simple example might be:
> a) Define c1 to mean "Company_Confidential"
> b) Configure all users to have access to c1
> c) Users add this label to files like "secret_product_plan.pdf"
> d) httpd, ftpd etc. can't access the file anymore
> e) When printed, this category label is automatically added to the header
> and footer of each page or a cover sheet (once labeled printing is
> completed).
Also, in /etc/sysconfig/selinux, do I need to specify SELINUXTYPE=mcs ?
I assume I need to install the packages that are in
ftp://people.redhat.com/dwalsh/selinux ... especially those under mcs.
BTW, it would be nice if the src.rpm packages were available also (e.g.,
libsetrans) so that I could look at the code if I have any questions.
Also, I assume that polyinstantiation of /tmp and /home is not planned for MCS
but intended only for MLS ... correct? I assume this since you did not
mention the use of "newrole" with respect to MCS.
Gene
More information about the fedora-selinux-list
mailing list