I agree the secolor configuration file is lacking consistency. From a historical MLS perspective, there were two special labels in many MLS systems: SystemLow and SystemHigh. This would be "s0" (lowest level/no categories) and "s15:c0.c1023" (highest level/all categories) respectively. At these special levels, there was traditionally no other category usage. I concur we either do the proposed change in this patch or just change the "s0:c0.c1023" lines to just "s0" (SystemLow) to be consistent with the "s15:c0.c1023" (SystemHigh) range that exists currently. They will both provide the desired results. -Chad On Mon, Jul 29, 2019 at 5:41 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > On Tue, Jul 2, 2019 at 2:09 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote: > > > > According to "check_dominance" function: > > Range defined as "s15:c0.c1023" does not dominate any other range than > > "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.). > > While range defined as "s15-s15:c0.c1023" dominates all of the above. > > > > This is either a bug, or "s15:c0.c1023" should not be used in the > > examples. > > Hello, > I am not familiar with the concepts about range dominance, so I do not > know whether this is a bug that should be fixed or if updating the > examples is better. Can someone please review this? > > Cheers, > Nicolas > > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx> > > --- > > libselinux/man/man5/secolor.conf.5 | 4 ++-- > > libselinux/man/ru/man5/secolor.conf.5 | 4 ++-- > > mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +- > > mcstrans/share/examples/urcsts/secolor.conf | 2 +- > > 4 files changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5 > > index b834577a..a3bf2da1 100644 > > --- a/libselinux/man/man5/secolor.conf.5 > > +++ b/libselinux/man/man5/secolor.conf.5 > > @@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red > > .br > > range s9\-s9:c0.c1023 = black orange > > .br > > -range s15:c0.c1023 = black yellow > > +range s15\-s15:c0.c1023 = black yellow > > .RE > > > > .sp > > @@ -165,7 +165,7 @@ type xguest_t = black green > > .br > > user sysadm_u = white black > > .br > > -range s0:c0.c1023 = black white > > +range s0-s0:c0.c1023 = black white > > .br > > user * = black white > > .br > > diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5 > > index 4c1236ae..bcae80c1 100644 > > --- a/libselinux/man/ru/man5/secolor.conf.5 > > +++ b/libselinux/man/ru/man5/secolor.conf.5 > > @@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red > > .br > > range s9\-s9:c0.c1023 = black orange > > .br > > -range s15:c0.c1023 = black yellow > > +range s15\-s15:c0.c1023 = black yellow > > .RE > > > > .sp > > @@ -163,7 +163,7 @@ type xguest_t = black green > > .br > > user sysadm_u = white black > > .br > > -range s0:c0.c1023 = black white > > +range s0\-s0:c0.c1023 = black white > > .br > > user * = black white > > .br > > diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf > > index d35b3c67..3b3f5430 100644 > > --- a/mcstrans/share/examples/urcsts-via-include/secolor.conf > > +++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf > > @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan > > range s5-s5:c0.c1023 = white blue > > range s7-s7:c0.c1023 = black red > > range s9-s9:c0.c1023 = black orange > > -range s15:c0.c1023 = black yellow > > +range s15-s15:c0.c1023 = black yellow > > > > diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf > > index d35b3c67..3b3f5430 100644 > > --- a/mcstrans/share/examples/urcsts/secolor.conf > > +++ b/mcstrans/share/examples/urcsts/secolor.conf > > @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan > > range s5-s5:c0.c1023 = white blue > > range s7-s7:c0.c1023 = black red > > range s9-s9:c0.c1023 = black orange > > -range s15:c0.c1023 = black yellow > > +range s15-s15:c0.c1023 = black yellow > > > > -- > > 2.17.2 > > >
