On Thu, 19 Oct 2006, Paul Moore wrote:

> Thinking strictly from a TE point of view 64k is quite a bit, however if we
> throw in MLS it shrinks really quickly when you add all of the possible
> combinations of sensitivity level plus categories. Maybe somebody from TCS or
> the Lenny/Joe/Ted team can describe a typical scenario, but from the limited
> label encodings I have seen 15/16 bits just doesn't seem like enough.

It can be an arbitrary split, so that e.g. internal labels have 2^10 and external 2^22 or something.

I really doubt that there will be many internal labels. Generally, they're only going to carry information about well known services (ports) and perhaps some node & netif info.

In an MLS environment, I'd imagine setting the MLS component based on the interface (and perhaps ip address(es)) and the TE component based on the port.

e.g.

  dport 80 / eth0: http_packet_t:s3
  dport 80 / eth1: http_packet_t:s4

- James
--
James Morris <[EMAIL PROTECTED]>

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
