setrans.conf

Daniel J Walsh dwalsh at redhat.com
Mon Apr 16 17:49:10 UTC 2007


Ivan Makale wrote:
> I'm studying SELinux and I'd like to find a clear explanation of the 
> syntax used in the setrans.conf file. Does anybody have a web resource to 
> suggest?
> So to give an example,
>
> s0-s0:c0.c1023=SystemLow-SystemHigh
> s0:c0.c1023=SystemHigh
>
> Is '-' indicating a range between sensitivity levels and the '.' a 
> range between categories? What's the difference between "s0" only and 
> "s0-s0"? And so on...
s0 only implies s0-s0
The first number in a sensitivity level range indicates the default level.

For the case of a process, this indicates you can use newrole to 
transition to any of the levels in the range. For a directory, it 
would indicate the allowable sensitivity levels that can be placed in a 
directory.

The . in a category is just a shorthand to indicate the sensitivity 
level includes all categories from the beginning to the end. So 
s0:c1.c5 is the same as s0:c1,c2,c3,c4,c5.


> Thank you, Ivan Makale
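
The syntax described in the reply above, worked through as an added example (not part of the original post and not code from the SELinux project). The function names are hypothetical, and the parser assumes only the simple `raw=label` line form quoted in the question, plus blank and `#` comment lines.

```python
import re

def expand_categories(cats):
    """Expand 'c1.c5,c7' to [1, 2, 3, 4, 5, 7]; '.' is an inclusive run."""
    found = set()
    for part in cats.split(","):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part.strip())
        if not m:
            raise ValueError(f"bad category term: {part!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) is not None else first
        if last < first:
            raise ValueError(f"descending category run: {part!r}")
        found.update(range(first, last + 1))
    return sorted(found)

def parse_level(level):
    """'s0:c1.c5' -> (0, [1, 2, 3, 4, 5]); a bare 's0' has no categories."""
    sens, sep, cats = level.strip().partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m or (sep and not cats):
        raise ValueError(f"bad level: {level!r}")
    return int(m.group(1)), (expand_categories(cats) if cats else [])

def parse_range(text):
    """'low-high' -> (default, high); a single level implies low == high."""
    low, sep, high = text.strip().partition("-")
    default = parse_level(low)  # the first level is the default level
    return default, (parse_level(high) if sep else default)

def parse_setrans_line(line):
    """'raw=label' -> (default, high, label); None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    raw, sep, label = line.partition("=")  # split on '=' first: labels may contain '-'
    if not sep or not label:
        raise ValueError(f"not a translation line: {line!r}")
    default, high = parse_range(raw)
    return default, high, label

# The two lines quoted in the question.
SAMPLE = ["s0-s0:c0.c1023=SystemLow-SystemHigh", "s0:c0.c1023=SystemHigh"]

if __name__ == "__main__":
    for entry in SAMPLE:
        (ds, dc), (hs, hc), label = parse_setrans_line(entry)
        print(f"{label}: default s{ds} ({len(dc)} cats), high s{hs} ({len(hc)} cats)")
```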



