Re: Fedora Core 7 has frozen and Fedora 8 Development has started

[James Antill <jantill@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 2227 bytes --]

On Mon, 2007-05-21 at 17:13 -0500, Klaus Weidner wrote:

> Would it make sense to make a distinction between end user modifiable
> types and admin types? For example, at first glance the following look as
> if they'd be most relevant for non-admin users:

 Right, the admin can use nautilus too :). Note that if a context is
viewed that doesn't match any of those translations the failure mode is
to just display the full context to the user, so I wanted to add all of
the types that any user would hit in at least ~/ and /etc.

> >        HACK_TYPE("cvs_data_t", _("Read and write from CVS daemon"));
> >        HACK_TYPE("public_content_rw_t",
> >                  _("Read and write from CIFS/ftp/http/nfs/rsync"));
> >        HACK_TYPE("public_content_t", _("Read from CIFS/ftp/http/nfs/rsync"));
> >        HACK_TYPE("samba_share_t", _("Shared via CIFS (samba)"));
> >        HACK_TYPE("staff_home_t", _("Staff user data"));
> >        HACK_TYPE("staff_home_dir_t", _("Staff user home directory"));
> >        HACK_TYPE("sysadm_home_t", _("Sysadmin user data"));
> >        HACK_TYPE("sysadm_home_dir_t", _("Sysadmin user home directory"));
> >        HACK_TYPE("tmp_t", _("Temporary data"));
> >        HACK_TYPE("user_tmp_t", _("User temporary data"));
> >        HACK_TYPE("user_home_t", _("User data"));
> >        HACK_TYPE("user_home_dir_t", _("User home directory"));
> >        HACK_TYPE("xen_image_t", _("Xen image"));
> 
> Maybe one way to do that would be to use a drop-down for the type that
> only contains the types that the user is actually permitted to change
> this object to?

 The above function _just_ does the translation from a type to "readable
message saying what the type is". This is not the list of entries that
is displayed to the user.
 The list is generated by always adding tmp_t, user_home_t, user_tmp_t
and then whatever is contained in selinux_customizable_types_path().
Then the current type for the file, and the matchpathcon type for the
file (with all the other values for the context taken from the current
context). That's not very pretty either, but it doesn't make me cringe
as much as the above :).

-- 
James Antill <jantill@redhat.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]