Hi, Victor Porton <por...@narod.ru> wrote: > > >From /etc/selinux/config: > > # SELINUXTYPE= can take one of these two values: > # default - equivalent to the old strict and targeted policies > # mls - Multi-Level Security (for military and educational use) > # src - Custom policy built from source > SELINUXTYPE=default > > MCS mode is missing in the comments and I am not sure whether it > is supported at all. > > Personally I need MCS (but not MLS) support for my project.
The default policy (from selinux-policy-default) is a mcs policy. It might be a good idea to reword the documentation to clearly state this like this: # default - equivalent to the old strict and targeted policies (includes multi category security) on the other hand that would change the config file, triggering dpkg-questions for users who modified the file for only a small benefit. Note that the fact that selinux-policy-default uses mcs is already documented in the package description. I personally don't think we should update the comments in /etc/selinux/config unless we are changing that file anyway. Cheers, Mika
signature.asc
Description: PGP signature