Downgrading and Upgrading Sensitivity Labels

The calling process needs the file_owner privilege in its effective set to downgrade the sensitivity label on a file not owned by the calling process.

Downgrading Sensitivity Labels

A process can set the sensitivity label on a file system object to a new sensitivity label that does not dominate the object's existing sensitivity label with the file_downgrade_sl privilege in its effective set.

Upgrading Sensitivity Labels

A process can set the sensitivity label on a file system object to a new sensitivity label that dominates the object's existing sensitivity label with the file_upgrade_sl privilege in its effective set.

Previous: Setting Process Labels
Next: Label Guidelines