Re: auditctl se_sen & se_clr
On Fri, 2006-05-19 at 10:07 -0500, Michael C Thompson wrote:
Hey all,
I'm trying to figure out how the se_sen and se_clr labels are supposed
to be used with auditctl.
Here is the selinux context:
subj=root:staff_r:staff_t:s0-s15:c0.c255
^ ^ ^ ^
se_user ^ se_type ^
se_role se_clr & se_sen
What is the difference between se_clr and se_sen? And if you have any
enlightening examples, that would be appreciated.
IIRC, se_sen is how audit refers to the low level (aka sensitivity,
current level) and se_clr is how audit refers to the high level (aka
clearance, max level) of a MLS range in a SELinux context. In the
context above, the se_sen would be the "s0" and the se_clr would be the
"s15:c0.c255".
--
Stephen Smalley
National Security Agency