Re: policy package names for Debian

On Fri, 2008-03-28 at 09:57 -0400, Stephen Smalley wrote:
> > Neglecting the above, I still disagree with dropping a TE-only
> > configuration.  While you can arrive at the same configuration by having
> > one category and one sensitivity and/or dropping the MLS constraints,
> > you still get MLS bits leaking through, e.g. in semanage.
> 
> That's the point - the presence/absence of a context field is visible to
> users and applications no matter how much we try to encapsulate the
> contexts, and having the two different configurations makes maintenance
> and user experience more difficult/confusing.

I think the confusion is worse for the TE-only case (emulated by no mls
constraints or only one category/sensitivity).  For example, if you
short circuit the level translation to "", then people get confused when
their setexecon() fails because they haven't put :s0 at the end of the
context, but none of their ps -AZ processes have it.  That's
significantly more obtuse than people thinking "Fedora has that MCS
stuff, and Ubuntu doesn't."  There is always configuration/support
variances between distros.

I'm not convinced many people actually use MCS at all.  Users have a
hard enough time dealing with TE.  If it wasn't for MCS I don't think
we'd even be having this discussion.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
