[redhat-lspp] Multilevel Printing

[Matt Anderson]

Linda Knippers wrote:
> Hi Matt,
> 
> 
>>When available it would be able to use the file's context, using the
>>session context when the file is stdin.
> 
> 
> There was a discussion on the mailing list a while back (August)
> about where the label information should come from (the label on the
> file or the level of the user initiating the request).  I thought the
> consensus was that for LSPP it should be the level of the user, not the
> file, and I thought that's how the current patches work.  Am I
> mis-remembering?

The current patches are only able to use the session context as the
forced label.  It seemed to me that the consensus was that the file
label was better, which is why I was suggesting it here as the default
when it was available.  I don't have a strong opinion either way in
regards to which label is used, so if the session label is better we can
always use that.

The main concern that I recall from the earlier discussion was when
multiple files were specified on a single lpr line there would be a need
to AND all the labels together in the final output.  From what I
remember of that discussion the conclusion was that we would just
disallow that in the security target and not address the issue.

-matt