Object CMW Label

When an object is created by a process, the object inherits the CMW label values of its calling process.

When a privileged process writes down to an object, the system changes the sensitivity label of the object to be the same as the sensitivity label of the process. This protects the information written from the process at the higher sensitivity label from being accessed by other processes running at lower sensitivity labels.

The setcmwlabel(2) system call programmatically sets the CMW label on a file system object.

The File Manager lets an authorized user change the sensitivity label on an existing file's CMW label.

Previous: Process CMW Label
Next: Privileged Operations