From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Joe Nall <joe@nall.com>
Cc: SELinux List <SELinux@tycho.nsa.gov>, Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: Desktop Integration Take 2
Date: Wed, 08 Mar 2006 16:52:12 -0500
Message-ID: <440F520C.8080604@cornell.edu>
In-Reply-To: <A98716CB-BC6B-4EFE-B480-2B31C8D6FACD@nall.com>


>>> - Have a file controlled by libsetrans which maps mls ranges to 
>>> (unicode?) translated strings
>>>     (setrans.conf)
>>>
>>> - Require the mappings above to be 1:1.
> ...
>
> The work I'm doing on better MLS inverse bit handling (rel 
> country1/country2 ...) in libsetrans supports mapping label fragments 
> (individual categories and category ranges) in addition to the current 
> 1:1 mapping.
It was my understanding that the range should be treated as a whole for 
maximum generality, and we shouldn't unroll and translate individual 
categories [ at least for the purposes of nautilus ]. That way you could 
have a coded clearance label like: NSASecretProject, that unrolls to the 
actual categories [ say NDA_1, NDA_3, Programmer, NSA, Security, 
Confidential, ProjectX ], without listing them all individually.
> With 256 bits, 1:1 MLS mappings are not practical because the number 
> of potential combinations is so great. I hope to have a patch for 
> review by the end of next week.
My comment said they should be 1:1, not onto.
(i.e. I don't expect the setrans file to define a translation for each 
and every bit combination. In fact, I thought I could ignore the 
unspecified ones, and not provide access to them via the Nautilus GUI. 
They'd still be available for use, but they wouldn't be exposed via 
nautilus if they're not in the setrans file).

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
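
Added example, not part of the original message and not libsetrans code: a check that a translation table is 1:1 (each range has one label, each label names one range) without being onto (unlisted ranges stay valid but get no label). The simplified "range=label" line format, the sample labels and category numbers, and all function names are assumptions made for illustration.

```python
# Constructed sample table; labels and category numbers are invented.
SAMPLE = """\
# raw MLS range = translated label
s0=SystemLow
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c1,c3,c7=NSASecretProject
s0:c5=ProjectX
"""


class MappingError(ValueError):
    """Raised when the table is malformed or not 1:1."""


def load_table(text):
    """Parse 'range=label' lines into two dicts, rejecting non-1:1 entries."""
    to_label, to_range = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        raw, sep, label = (part.strip() for part in line.partition("="))
        if not (raw and sep and label):
            raise MappingError(f"line {lineno}: expected range=label")
        if raw in to_label:
            raise MappingError(f"line {lineno}: range {raw!r} mapped twice")
        if label in to_range:
            raise MappingError(f"line {lineno}: label {label!r} names two ranges")
        to_label[raw], to_range[label] = label, raw
    return to_label, to_range


def translate(to_label, raw):
    """Whole-range lookup. The range is an opaque string, assumed to be in
    canonical form already; categories are never unrolled one by one.
    None means the range is usable but not exposed to the user."""
    return to_label.get(raw)


def untranslate(to_range, label):
    """Inverse lookup; unambiguous because labels are unique."""
    return to_range.get(label)


def exposed_choices(to_label):
    """Labels a file manager could offer: only ranges listed in the table."""
    return sorted(to_label.values())
```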
