
Many to one translations in setrans.conf



We have been using /etc/selinux/mls/setrans.conf files that use multiple equivalent translations to support common aliases. For example:

s2:c1.c225,c227.c253=CONFIDENTIAL//REL FU
s2:c1.c225,c227.c253=C O N F I D E N T I A L REL FU
s2:c1.c225,c227.c253=C O N F I D E N T I A L RELEASABLE TO FU
s2:c1.c225,c227.c253=CONFIDENTIAL//REL BAR
s2:c1.c225,c227.c253=C O N F I D E N T I A L REL BAR
s2:c1.c225,c227.c253=C O N F I D E N T I A L RELEASABLE TO BAR

This has the effect of mapping all of these labels to a common context. This context maps back to the first translation (CONFIDENTIAL//REL FU).

'semanage translation -a -T ...' has different behavior. When a translation is added, it rewrites the file using the last (C O N F I D E N T I A L RELEASABLE TO BAR) translation and deletes the other translations. It also moves all of the comments to the top, moving them away from the translation they are documenting.

Should we be using this many to one behavior to support aliases? Is it broken in other ways that we have not discovered yet?

joe
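An added example, not part of the original message and not code from semanage or mcstrans: a small Python check that lists every context in a setrans.conf with more than one translation, the first label (the one the message says the context maps back to), and the aliases that a rewrite keeping only the last entry, as described for semanage above, would drop. The sample input is constructed from the lines quoted above; the `#` comment syntax, the `s0=SystemLow` line and all function names are assumptions of the example.

```python
import re

# Constructed sample: translation lines from the message plus assumed '#' comments.
SAMPLE = """\
# FU aliases (constructed comment)
s2:c1.c225,c227.c253=CONFIDENTIAL//REL FU
s2:c1.c225,c227.c253=C O N F I D E N T I A L REL FU
s2:c1.c225,c227.c253=C O N F I D E N T I A L RELEASABLE TO FU
# BAR aliases (constructed comment)
s2:c1.c225,c227.c253=CONFIDENTIAL//REL BAR
s2:c1.c225,c227.c253=C O N F I D E N T I A L REL BAR
s2:c1.c225,c227.c253=C O N F I D E N T I A L RELEASABLE TO BAR
s0=SystemLow
"""

# Assumption: a translation line is "<level starting with sN>=<label>".
TRANSLATION = re.compile(r"^(s\d[^=\s]*)\s*=\s*(.+?)\s*$")

def parse_translations(text):
    """Map each raw context to its labels (file order) and the comments above them."""
    groups, pending = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            pending.append(line)
            continue
        m = TRANSLATION.match(line)
        if m:
            entry = groups.setdefault(m.group(1), {"labels": [], "comments": []})
            entry["labels"].append(m.group(2))
            entry["comments"].extend(pending)
        pending = []  # comments only attach to the line directly below them
    return groups

def alias_report(text):
    """Report contexts with several labels and what a last-entry-wins rewrite loses."""
    report = {}
    for raw, entry in parse_translations(text).items():
        labels = entry["labels"]
        if len(labels) > 1:
            report[raw] = {
                "maps_back_to": labels[0],        # first entry, per the message
                "kept_if_last_wins": labels[-1],  # rewrite behaviour described above
                "dropped_aliases": labels[:-1],
                "comments": entry["comments"],
            }
    return report

if __name__ == "__main__":
    for raw, info in alias_report(SAMPLE).items():
        print(raw, info)
```

Running a check like this before and after any tool rewrites the file shows whether aliases or their comments were lost.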

