[redhat-lspp] Number of level & compartments
Stephen Smalley
sds at tycho.nsa.gov
Tue Sep 20 11:50:21 UTC 2005
On Mon, 2005-09-19 at 16:34 -0400, Steve Grubb wrote:
> Hello,
>
> According to the LSPP spec's we need to allow 16 levels and at least 64
> compartments (Section 5.2.6.7.c). I think the number of levels are OK, but I
> think we need the ability to have 256 compartments as a baseline. Can we do
> this?
SELinux doesn't impose any internal limitations on the number of
categories; it uses an extensible bitmap type to represent them
internally. Naturally, if you have a very large number of them, and you
have security contexts that have large sets of categories (rather than
just a few per security context), then they may get a bit unwieldy to
handle, particularly in the string form.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list