On Mon, 2006-10-09 at 21:57 -0400, Gene Czarcinski wrote: > On Monday 09 October 2006 21:22, Joshua Brindle wrote: > > Gene Czarcinski wrote: > > > On Monday 09 October 2006 10:05, Christopher J. PeBenito wrote: > > > > > > > > >>> I assume that strict mode should be capable of running X ... true or > > >>> false? > > >>> > > >> > > >> Strictly speaking (no pun intended) yes, since it does have the xserver > > >> module. In reality, it probably still has issues since very few desktop > > >> users want a strict policy, so it is untested. > > >> > > > > > > While a server may not have a good display directly attached, it would be > > > useful to run X remotely since some of the system configuration tools are > > > gui only ... for example, selinux. > > > > > > > running X apps that are exported to a remote machine isn't the same > > thing as running an Xserver on the local machine. > > Yes, but I was told not to install X (it was not supported). If it is "only" > the running of Xserver that is not supported with strict or mls policies, > then I can live with that. However, running Xserver will need to be > supported to be competitive with TSOL. I believe that you are confusing "supported" w.r.t. Red Hat and "supported" w.r.t. SELinux itself. I believe Red Hat only supports the strict policy on RHEL and only with a support contract. I'm guessing it will probably be same for the MLS/LSPP policy. As for SELinux in general, X servers can work on the strict policy, it just hasn't had much testing with the 2.* (reference policy-based) policies. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
