Subject: Re: Fedora Core 7 has frozen and Fedora 8 Development has started
From: James Antill
To: Klaus Weidner
Cc: Paul Moore, SE Linux, Daniel J Walsh
Date: Tue, 22 May 2007 10:51:52 -0400
Message-Id: <1179845512.23650.35.camel@code.and.org>
In-Reply-To: <20070521221304.GB11544@w-m-p.com>

On Mon, 2007-05-21 at 17:13 -0500, Klaus Weidner wrote:
> Would it make sense to make a distinction between end user modifiable
> types and admin types? For example, at first glance the following look as
> if they'd be most relevant for non-admin users:

Right, the admin can use nautilus too :). Note that if a context is
viewed that doesn't match any of those translations the failure mode is
to just display the full context to the user, so I wanted to add all of
the types that any user would hit in at least ~/ and /etc.

> >   HACK_TYPE("cvs_data_t", _("Read and write from CVS daemon"));
> >   HACK_TYPE("public_content_rw_t",
> >             _("Read and write from CIFS/ftp/http/nfs/rsync"));
> >   HACK_TYPE("public_content_t", _("Read from CIFS/ftp/http/nfs/rsync"));
> >   HACK_TYPE("samba_share_t", _("Shared via CIFS (samba)"));
> >   HACK_TYPE("staff_home_t", _("Staff user data"));
> >   HACK_TYPE("staff_home_dir_t", _("Staff user home directory"));
> >   HACK_TYPE("sysadm_home_t", _("Sysadmin user data"));
> >   HACK_TYPE("sysadm_home_dir_t", _("Sysadmin user home directory"));
> >   HACK_TYPE("tmp_t", _("Temporary data"));
> >   HACK_TYPE("user_tmp_t", _("User temporary data"));
> >   HACK_TYPE("user_home_t", _("User data"));
> >   HACK_TYPE("user_home_dir_t", _("User home directory"));
> >   HACK_TYPE("xen_image_t", _("Xen image"));
>
> Maybe one way to do that would be to use a drop-down for the type that
> only contains the types that the user is actually permitted to change
> this object to?

The above function _just_ does the translation from a type to "readable
message saying what the type is". This is not the list of entries that
is displayed to the user.

The list is generated by always adding tmp_t, user_home_t, user_tmp_t
and then whatever is contained in selinux_customizable_types_path().
Then the current type for the file, and the matchpathcon type for the
file (with all the other values for the context taken from the current
context).

That's not very pretty either, but it doesn't make me cringe as much as
the above :).

-- 
James Antill
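
The list-building order described in the message, as an added example that is not part of the original email or of nautilus: `build_type_list` and `add_type` are hypothetical names, the customizable-types file content is passed in as text instead of being read from the path returned by selinux_customizable_types_path(), and skipping duplicates is an assumption. It handles type names only, not the other fields of the context.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TYPES 32
#define TYPE_LEN  64

/* Append a type unless it is empty, too long, already listed or the list is
 * full. Skipping duplicates is an assumption; the message does not say. */
static int add_type(char list[][TYPE_LEN], int n, const char *type)
{
    if (!type || !*type || strlen(type) >= TYPE_LEN || n >= MAX_TYPES)
        return n;
    for (int i = 0; i < n; i++)
        if (strcmp(list[i], type) == 0)
            return n;
    strcpy(list[n], type);
    return n + 1;
}

/* Hypothetical helper: fixed types, then each line of the customizable-types
 * file text, then the file's current type, then its matchpathcon type. */
int build_type_list(char list[][TYPE_LEN], const char *customizable,
                    const char *current, const char *matchpath)
{
    static const char *fixed[] = { "tmp_t", "user_home_t", "user_tmp_t" };
    int n = 0;
    for (size_t i = 0; i < sizeof fixed / sizeof *fixed; i++)
        n = add_type(list, n, fixed[i]);
    while (customizable && *customizable) {
        char line[TYPE_LEN] = "";
        size_t len = strcspn(customizable, "\n");
        if (len < TYPE_LEN)
            memcpy(line, customizable, len);
        n = add_type(list, n, line);   /* empty or over-long lines are skipped */
        customizable += len + (customizable[len] == '\n');
    }
    n = add_type(list, n, current);
    return add_type(list, n, matchpath);
}

int main(void)
{
    /* Constructed sample input, not read from a real system. */
    char list[MAX_TYPES][TYPE_LEN];
    int n = build_type_list(list, "samba_share_t\nuser_tmp_t\nxen_image_t\n",
                            "staff_home_t", "user_home_t");
    for (int i = 0; i < n; i++)
        puts(list[i]);
    return 0;
}
```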