[V2,2/7] object_classes_permissions.md: Correct the context object class entry

Commit Message

Richard Haines Dec. 8, 2021, 12:16 p.m. UTC

Clarify the intent of 'contains' and 'translate' permissions.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 src/object_classes_permissions.md | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

Comments

Paul Moore Dec. 8, 2021, 8:09 p.m. UTC | #1

On Wed, Dec 8, 2021 at 7:17 AM Richard Haines
<richard_c_haines@btinternet.com> wrote:
>
> Clarify the intent of 'contains' and 'translate' permissions.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
>  src/object_classes_permissions.md | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)

Merged, thanks.

Patch

diff --git a/src/object_classes_permissions.md b/src/object_classes_permissions.md
index bbc703d..b092a9b 100644
--- a/src/object_classes_permissions.md
+++ b/src/object_classes_permissions.md
@@ -3081,21 +3081,18 @@  Manage the D-BUS Messaging service that is required to run various services.
 
 ### *context*
 
-Support for the translation daemon ***mcstransd**(8)*. These permissions are
-required to allow translation and querying of level and ranges for MCS and
-MLS systems.
+These permissions are used for SELinux configuration file context entries
+and context translations for MCS/MLS policy.
 
 **Permissions** - 2 unique permissions:
 
 *contains*
 
-- Calculate a MLS/MCS subset - Required to check what the configuration
-  file contains.
+- Check configuration file contains a valid context entry.
 
 *translate*
 
-- Translate a raw MLS/MCS label - Required to allow a domain to translate
-  contexts.
+- Translate a raw label to a meaningful text string.
 
 ### *service*