On Mon, 2004-05-31 at 15:08, Erik Fichtner wrote: > So. I've got vanilla FC2 with SELinux loaded and the standard > policy sources loaded on my laptop. For various reasons (low memory > and a general dislike for all things GNOME; primarily), I'm trying to > make good old xdm work and start boring old twm. This requires a > little bit of manhandling within /etc/X11/xdm/Xsession and /etc/inittab. > No big deal here. [xgk]dm need to be modified to set the SELinux security context for the session. SELinux support has been upstreamed in gdm. Patches for other *dm programs have been floating around for some time, e.g. see http://marc.theaimsgroup.com/?l=selinux&m=107031914600885&w=2. The other alternative is to try to use pam_selinux, but that wouldn't work for gdm (pam_open_session is called from the wrong process to set up the context). -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
