On Wed, 2007-01-24 at 16:37 -0500, Daniel J Walsh wrote: > Currently you can run semanage/semodule at SystemLow and they end up > creating files in /etc/selinux/mls/seusers and > /etc/selinux/mls/policy/policy.21 at SystemLow. > > The system defaults say they should be at SystemHigh. I am not sure why > they are specified at SystemHigh, but we either need to change the > specification or lots of other files need to be moved to system high and > perhaps only allow semanage to run at SystemHigh. > > Running semanage at SystemHigh, ends up creating a bunch of files at > SystemHigh that should be SystemLow, also. So no easy fix.
Running semanage/semodule at SystemLow and using range_transition to transition the files to SystemHigh may work. But are they truly SystemHigh in their data? -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
