[DSE-Dev] Bug#747111: Bug#747111: selinux-basics: MCS mode is missing in /etc/selinux/config

[Mika Pflüger]

Hi,

Victor Porton <porton at narod.ru> wrote:
> 
> >From /etc/selinux/config:
> 
> # SELINUXTYPE= can take one of these two values:
> # default - equivalent to the old strict and targeted policies
> # mls     - Multi-Level Security (for military and educational use)
> # src     - Custom policy built from source
> SELINUXTYPE=default
> 
> MCS mode is missing in the comments and I am not sure whether it
> is supported at all.
> 
> Personally I need MCS (but not MLS) support for my project.

The default policy (from selinux-policy-default) is a mcs policy. It
might be a good idea to reword the documentation to clearly state this
like this:

# default - equivalent to the old strict and targeted policies
(includes multi category security)

on the other hand that would change the config file, triggering
dpkg-questions for users who modified the file for only a small
benefit. Note that the fact that selinux-policy-default uses mcs is
already documented in the package description.
I personally don't think we should update the comments
in /etc/selinux/config unless we are changing that file anyway.

Cheers,

Mika
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140505/9bc8e9a4/attachment.sig>