On Fri, 2006-05-19 at 10:07 -0500, Michael C Thompson wrote: > Hey all, > > I'm trying to figure out how the se_sen and se_clr labels are supposed > to be used with auditctl. > > Here is the selinux context: > subj=root:staff_r:staff_t:s0-s15:c0.c255 > ^ ^ ^ ^ > se_user ^ se_type ^ > se_role se_clr & se_sen > > What is the difference between se_clr and se_sen? And if you have any > enlightening examples, that would be appreciated.
IIRC, se_sen is how audit refers to the low level (aka sensitivity, current level) and se_clr is how audit refers to the high level (aka clearance, max level) of a MLS range in a SELinux context. In the context above, the se_sen would be the "s0" and the se_clr would be the "s15:c0.c255". -- Stephen Smalley National Security Agency -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
