[redhat-lspp] Security Context label attribute question
Michael C Thompson
thompsmc at us.ibm.com
Wed Jun 7 19:53:44 UTC 2006
Andy Suchoski wrote:
> Hello all,
>
> My background is with legacy MLS systems and I can understand when the
> label attribute of a process contains a low label and a high label
> (s0-s15:c0.c255), the low label corresponds to the level at which a
> process operates and the high label corresponds to the clearance of the
> process. I believe that is right. But what does the low label and high
> label mean in the security context of an object such as a file or a
> directory?
Most objects, such as files, are restricted such that their low label
and high label are equivalent, or "single-level". However, directories
(and some other objects in the system, I don't remember which right now)
are permitted to be "multi-level", since a directory could hold files
with different levels.
Mike
More information about the redhat-lspp
mailing list