MCS Max Number of Category Element Comparisions?
Sam Marshall
sm3501 at yahoo.com
Fri Aug 14 20:30:21 UTC 2009
Hi,
In FC11, is there a limit to the number of category elements that can be compared to make access decisions using MCS? My understanding is that up to 1024 categories can be assigned in setrans.conf, however, only six or fewer categories can be used for comparision to make access decisions..
For example, when I assign a login user to 7 categories (e.g., s:0, c1, c2, c5, c8, c11, c12, c19) and label a file with the exact same categories number, permission is denied if the user tries to cat out the file(Unix dacl permissions allow the user read access)
When I assign less than 7 of the exact same categories to the file and user, the user can open the file.
I've tried using ranges (c2.c5, c10.c18, etc ), and found that there appears to be a four element limitation with the range notation.
Does this sound right?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090814/4b4c9cd2/attachment.htm>
More information about the fedora-selinux-list
mailing list