On Wed, 2006-05-24 at 09:25 -0400, Andy Suchoski wrote:
> Are there limits on the number of sensitivity levels and categories? I
> know there are 16 levels and 256 categories defined but some
> applications may need more, especially in the area of categories.

The kernel stores the sensitivities in an unsigned 32-bit integer and the categories via an extensible bitmap type that is unbounded (aside from memory limitations, of course), so as far as it is concerned, there is no hard limit. There may be constraints however on the security context string lengths, not within the kernel itself but at the kernel-userspace interface (typically page size limitation for selinuxfs and /proc/pid/attr, 255 byte limitation in the iptables secmark interface) and in some userspace code (the libraries try to be general, but some applications may impose fixed maximums on the sizes). That was part of the motivation for the abbreviated syntax introduced by TCS for contiguous compartments (c0.c255).

--
Stephen Smalley
National Security Agency

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
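
The length constraint described in the reply above, worked through as an added example (not code from the message or from SELinux): it renders a category set with and without the `cN.cM` abbreviation and compares the resulting context length to the 255-byte secmark limit the reply mentions. The function names and the `user_u:role_r:type_t:s0:` prefix are constructed for illustration.

```python
SECMARK_LIMIT = 255  # byte limit the reply gives for the iptables secmark interface

def abbreviate(cats):
    """Render category numbers, collapsing each contiguous run to cN.cM."""
    cats = sorted(set(cats))
    parts, i = [], 0
    while i < len(cats):
        j = i
        while j + 1 < len(cats) and cats[j + 1] == cats[j] + 1:
            j += 1  # extend the current contiguous run
        parts.append(f"c{cats[i]}" if i == j else f"c{cats[i]}.c{cats[j]}")
        i = j + 1
    return ",".join(parts)

def expand(text):
    """Inverse of abbreviate(): parse 'c0.c3,c7' back into a set of ints."""
    cats = set()
    for part in filter(None, text.split(",")):
        lo, _, hi = part.partition(".")
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        well_formed = lo.startswith("c") and (not hi or hi.startswith("c"))
        if not well_formed or lo_n > hi_n:
            raise ValueError(f"bad category term: {part!r}")
        cats.update(range(lo_n, hi_n + 1))
    return cats

def context_len(cats, prefix="user_u:role_r:type_t:s0:"):
    """Byte lengths of a context with categories listed singly vs. abbreviated.

    The prefix is a constructed sample context, not one taken from the thread.
    """
    longhand = prefix + ",".join(f"c{c}" for c in sorted(set(cats)))
    shorthand = prefix + abbreviate(cats)
    return len(longhand.encode()), len(shorthand.encode())

if __name__ == "__main__":
    for label, cats in (("c0..c255", range(256)), ("even only", range(0, 256, 2))):
        full, short = context_len(cats)
        print(f"{label}: listed={full}B abbreviated={short}B "
              f"fits secmark limit: {short <= SECMARK_LIMIT}")
```

The second case shows the caveat: the abbreviation only shortens contiguous runs, so a sparse set of categories can still exceed a fixed-size interface.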
