-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<snip>

Eric and I have come up with the following syntax for this behaviour.

default_trans level dir_file_class_set parent;
default_trans user dir_file_class_set process;
default_trans role file parent;

We have developed a patch to checkpolicy that will process this
syntax, although it does nothing with it yet, need a patch for libsepol...

We have made these commands optional and I am placing them in the
policy/mcs file.  Default will be current behavior.


ifdef(`enable_mcs',`
default_trans level dir_file_class_set parent;

#
# Define sensitivities
#
# MCS is single-sensitivity.

gen_sens(1)

...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6YW/sACgkQrlYvE4MpobNlHACgqYKr4T3Bi5tp4cPb0ee5mw3q
I2UAn2trAI2BXOGu+JAbSx2RBNPuAvpd
=MWrk
-----END PGP SIGNATURE-----