--- Joe Nall <[EMAIL PROTECTED]> wrote: > On the HP CMW, /dev/null has a WILDCARD label > > cmw:joe> lslevel /dev/null > /dev/null WILDCARD > > WILDCARD is really the absence of a label (literally > a null pointer > in the API). This is equivalent to a > SystemLow-SystemHigh range for > most applications.
Trusted Irix uses a label type to identify wildcard (it's actually two types, MSENEQUAL/MINTEQUAL) but it's conceptually the same. > Directories are not ranged, but have to satisfy the > constraint that > the directory contents must dominate the directory. I assume this is done at creation. And this is the same constraint on Trix and TSOL. > To create a file > in a directory with a lower classification, the > creating process must > have the allowmacwrite privilege. How do these systems handle creating TopSecret entries in Secret directories? > Directory relabels are only > possible if the directory is empty. Yup. > I could not find the mkupdir syscall in the online > Trusted Solaris documentation. I'm sure I got the name wrong. mksecdir, perhaps? I last worked on it in 1989, so I can claim senility if necessary. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
