With the well-documented manuals, I'm successfully testing several access control policies. (Thanks to all contributors :) )

I've been testing the role dominance relation, especially the transitivity of the role dominance relation:

    prof_r > (osg_r, dbg_r) > stud_r

as follows:

    dominance { role prof_r { role osg_r; role dbg_r; } }
    dominance { role osg_r { role stud_r; } }
    dominance { role dbg_r { role stud_r; } }
    # disabled direct relation
    #dominance { role prof_r { role stud_r; } }

In the above relation, I guessed that the prof_r role cannot inherit the types of stud_r, as seen below:

    login: dilee_u
    Password:
    Your default context is dilee_u:osg_r:osg_t.
    Do you want to choose a different one? [n]y
    [1] dilee_u:osg_r:osg_t
    [2] dilee_u:dbg_r:dbg_t
    [3] dilee_u:prof_r:prof_t
    Enter number of choice:

And I also could not get the context of stud_r using the newrole command after getting the context of osg_r or dbg_r.

Any comments on this problem?

Have a nice day.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hyung Chan Kim
Security Group, Concurrent System Research Laboratory
Dept. of Information and Communications
Kwangju Institute of Science and Technology (K-JIST)
1 Oryong-dong Buk-ku Gwangju 500-712, Rep. of Korea
Lab.   : +82-62-970-2266
Fax    : +82-62-970-2204
Mobile : +82-11-9660-4900
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-