I'm currently studying about bell-lapadula model for my research and I need to implementation it as a simple example. I want to implement a simple BLP model using SELinux on my virtual machine Centos. In my research, I have 4 user, which represent four levels of security (Top Secret, Secret, Unclassified, Public) and each user has their own folder. I just want to know how to enable MLS in SELinux, set the BLP rules in SELinux?

Before, I use this reference https://access.redhat.com/documentat...n-selinux.html. But in the last step, I always failed to access root, maybe you can help me.. or you have a specific reference to me learn it? Just a simple example maybe? Thx

Not certain of this... But I don't think a pure BLP even has a root. The two systems I had access to (both were the old Cray Y systems) with a BLP foundation had extensions to allow for a root.

BTW, which version CentOS are you using?

Thank you for your help. I'm using centOS version 6.6

I'm not sure the BLP implemented is actually usable. There are a LOT of difficult areas, and I'm not certain they have been addressed. I don't believe anyone actually uses it.

1. X can't be used (not BLP aware)
2. without IPsec, network connections can't be labelled either.
3. Administration must (in a pure environment) be done before the system is booted - which means all configurations have to be set with SELinux disabled (or in permissive mode).

I think it was created more to show that the SELinux model(flask) could be used to define a BLP operation, thus showing the flask foundation was more powerful.