--- Klaus Weidner <[EMAIL PROTECTED]> wrote:
> The current system doesn't specifically support single label
> interfaces without labeled networking.

That would imply that all networks are multilabel with labeled
networking.

> The sshd implementation does support level selection when not
> using labeled networking, but obviously people will need to use
> labeled networking when they expect MLS constraints to be
> enforced on their network communication.

That is unfortunately not the case. People will expect to hook
their MLS box onto a network with *gasp* Windows boxes, and expect
to be able to log into the MLS box from the Windows boxes. If your
sshd allows someone to log in at two different labels from the
same Windows box I expect that you will have an issue with your
evaluators because you have a device (e.g. eth0) that does not
enforce MLS policy.

Casey Schaufler
[EMAIL PROTECTED]

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
