search for: compartiment

...wing policies could be very useful for such an environment. Have I missed anything? Has something similar been done? The module would (roughly) work as follows: Defining security levels in a similar way to mac_mls or mac_biba, we define a range of uids as sysctl variables to be used as "compartiments". For example, mac.mac_uids.lowuid mac.mac_uids.highid And it would be implemented so that: Below a given security level, (mac.mac_uids.enforce_below) - Any operation of a subject with uid x (between lowuid and highuid) on an object with uid y (between lowuid and highuid) would fail. -...