--- Daniel J Walsh <[EMAIL PROTECTED]> wrote:
> ... Since there is > an large number of sensitivities a user can log in > as he will need to > key it in. Existing systems allow the user a default MLS value that is used (on a terminal) if none is specified (e.g. just hit ENTER at the label prompt). > I though the sshd would happen automatically when > you login via a secure > channel. IE If I connect at TopSecret, I get > TopSecret. This is the usual behavior, but we're talking about real deployments here, so there will always be someone who wants (and is unwilling to use/buy a system that won't allow her) to long in at multiple labels across a single level network. For your system to be popular you need to provide the facility. Just consider the admin who wants to log in at SystemHigh to fix the broken network. > I think gdm will require other features such that I > launch terminals at > different sensitivity levels??? > > I think we should separate the TE Context selection > from the Sensitivity > Selection, in order to satisfy the MLS problems. >From the standpoint of someone who likes MLS better than TE, I agree, but from the standpoint of someone who hates to see mixed metaphores I disagree. > So it will not work on ptys? Or are you thinking a > boolean? I think it > will be strange for a user to have the app work > differently depending on > how they logged in, but I guess this is another > short coming of MLS. I don't get how this is a shortcoming of MLS. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
