Implement SELinux Multi-Level Security (MLS)

[ccravens]

Feature Request or Enhancement

• Feature []
• Enhancement [X]

Summary of Request SELinux has an additional Multi-Level Security option, I'd like to make a configurable option where SELinux will be installed and configured with MLS enabled: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/using-multi-level-security-mls_using-selinux

Describe alternatives you've considered N/A

Suggested Code

• [ ] Add Configuration Option for Enabling SELinux MLS
• [ ] Implement Installation Step when Option is Enabled as Specified in the Instructions Here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/using-multi-level-security-mls_using-selinux

I can go ahead and work on this feature, but wanted to submit an issue for feedback and I'll follow up with a PR

[uk-bolly]

hi @ccravens

Thats a very interesting enhancement. I was waiting to see if this has become a part of the latest STIG. While it doesn't appear as an option. Id been keen to see what other feel about adding this enhancement? I will mention in in discord also to see if this is of some use ( I can see this will become a thing maybe in later releases).

Thanks as always

uk-bolly

[BJSmithIEEE]

The fun is coming, as elementary RBAC has been added in V-254520 / RHEL-08-040400. Let the breakage begin!

https://github.com/ansible-lockdown/RHEL8-STIG/blame/18d8335a420f91849a4e69cfe5371c15eddf9615/tasks/fix-cat2.yml#L7634

For you reading (and very likely POA&M) pleasure ...

https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-12-01/finding/V-254520