Venator: "If I am a low process and I create a file in a low directory, what will the file be labeled?" "Low." Venator: "What if I am a high process?" "Either medium or low." Labels can be inherited, and this is seen in the file system and...

In the last couple of days I've debugged several ACL issues. That these questions come up internally suggests that our security model is fairly complex. In one scenario, the DACL was not as expected when importing a machine certificate via the MMC snapin...