forked from pool/selinux-policy
Hu
2112d5575b
* Allow coreos-installer-generator manage mdadm_conf_t files * Allow setsebool_t relabel selinux data files * Allow virtqemud relabelfrom virtqemud_var_run_t dirs * Use better escape method for "interface" * Allow init and systemd-logind to inherit fds from sshd * Allow systemd-ssh-generator read sysctl files * Sync modules.conf with Fedora targeted modules * Allow virtqemud relabel user tmp files and socket files * Add missing sys_chroot capability to groupadd policy * Label /run/libvirt/qemu/channel with virtqemud_var_run_t * Allow virtqemud relabelfrom also for file and sock_file * Add virt_create_log() and virt_write_log() interfaces - Sync modules-targeted-contrib.conf with Fedora targeted modules.conf OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=271
53 lines
1.3 KiB
Plaintext
53 lines
1.3 KiB
Plaintext
#
|
|
# Multi-Level Security translation table for SELinux
|
|
#
|
|
# Uncomment the following to disable translation libary
|
|
# disable=1
|
|
#
|
|
# Objects can be labeled with one of 16 levels and be categorized with 0-1023
|
|
# categories defined by the admin.
|
|
# Objects can be in more than one category at a time.
|
|
# Users can modify this table to translate the MLS labels for different purpose.
|
|
#
|
|
# Assumptions: using below MLS labels.
|
|
# SystemLow
|
|
# SystemHigh
|
|
# Unclassified
|
|
# Secret with compartments A and B.
|
|
#
|
|
# SystemLow and SystemHigh
|
|
s0=SystemLow
|
|
s15:c0.c1023=SystemHigh
|
|
s0-s15:c0.c1023=SystemLow-SystemHigh
|
|
|
|
# Unclassified level
|
|
s1=Unclassified
|
|
|
|
# Secret level with compartments
|
|
s2=Secret
|
|
s2:c0=A
|
|
s2:c1=B
|
|
|
|
# ranges for Unclassified
|
|
s0-s1=SystemLow-Unclassified
|
|
s1-s2=Unclassified-Secret
|
|
s1-s15:c0.c1023=Unclassified-SystemHigh
|
|
|
|
# ranges for Secret with compartments
|
|
s0-s2=SystemLow-Secret
|
|
s0-s2:c0=SystemLow-Secret:A
|
|
s0-s2:c1=SystemLow-Secret:B
|
|
s0-s2:c0,c1=SystemLow-Secret:AB
|
|
s1-s2:c0=Unclassified-Secret:A
|
|
s1-s2:c1=Unclassified-Secret:B
|
|
s1-s2:c0,c1=Unclassified-Secret:AB
|
|
s2-s2:c0=Secret-Secret:A
|
|
s2-s2:c1=Secret-Secret:B
|
|
s2-s2:c0,c1=Secret-Secret:AB
|
|
s2-s15:c0.c1023=Secret-SystemHigh
|
|
s2:c0-s2:c0,c1=Secret:A-Secret:AB
|
|
s2:c0-s15:c0.c1023=Secret:A-SystemHigh
|
|
s2:c1-s2:c0,c1=Secret:B-Secret:AB
|
|
s2:c1-s15:c0.c1023=Secret:B-SystemHigh
|
|
s2:c0,c1-s15:c0.c1023=Secret:AB-SystemHigh
|