On Fri, 2008-01-18 at 13:12 -0800, Justin Mattock wrote:
> Hello; With playing around with refpolicy everything seems good. Now
> with the help of you guys converting to mls policy and changing levels
> seems to be pretty nice.
> But after googling and reading some posts about starting the xserver
> issuing startx seems to be not an option with mls. So is there a work
> around with this.
> from what I'm seeing if I startx from
> sysadm_r:sysadm_t:s0-s15:c0.c255 (SystemLow-SystemHigh) most of the
> avc's are taken care of, except for
> system_u:object_r:memory_device_t:s15:c0.c255 (SystemHigh) /dev/mem.
> Then if I reboot and use newrole -r sysadm_r -l s15: c0.c255 && startx
> I receive a list of avc's that seem to not disappear even after adding
> them, Is there a boolean to configure?
> If there is no solution to this or if mls wasn't designed for
> startingX then i'll leave it as is.
The MLS configuration doesn't include desktop X support at the moment.
The policy was configured and tested for the LSPP certification, but a
desktop was not part of the configuration.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
