|Main Archive Page > Month Archives > selinux archives|
I would like to create a login that has access to one category at the highest sensitivity level, but in another category only has access at a lower sensitivity level. For example, on a system where SystemHigh is s0-s3:c0.c3, one login could be defined as something similar to: s0-s1:c0.c3, s2:c2.c3, s3:c3, while another login could be defined as s0-s2:c0.c3, s3:c0.c2 .
Am I correct that MLS policy cannot support this scenario?
Is this possible under any old, current, or developmental SELinux policy?
Would it be possible to write such a policy with the existing SELinux user/kernel land?
Thanks for any pointers,
rob. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to email@example.com with the words "unsubscribe selinux" without quotes as the message.