James Morris wrote:
> On Thu, 19 Oct 2006, Paul Moore wrote:
>
>>Thinking strictly from a TE point of view 64k is quite a bit, however if we
>>throw in MLS it shrinks really quickly when you add all of the possible
>>combinations of sensitivity level plus categories. Maybe somebody from TCS or
>>the Lenny/Joe/Ted team can describe a typical scenario, but from the limited
>>label encodings I have seen 15/16 bits just doesn't seem like enough.
>
> It can be an arbitrary split, so that e.g. internal labels have 2^10 and
> external 2^22 or something. I really doubt that there will be many
> internal labels. Generally, they're only going to carry information about
> well known services (ports) and perhaps some node & netif info.

That might work out a little better. I wonder how hard it would be to make the
split configurable and if it would even be worth it?

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
