On Fri, Feb 8, 2008 at 5:51 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote: > Eamon Walsh wrote: > > Xavier Toth wrote: > > > >> Has this made it into the git tree yet? > >> > > It's pushed into the XACE-SELINUX branch, so you can play with it now. > I did some simple testing of the polyinstantiation and it worked OK for > me. You'll need the kernel patch, an updated libselinux from SVN, and > an updated refpolicy (or just add "getattr" and "setattr" permissions to > your x_property class and tweak the x_contexts file to add poly_property > notations). I'll push it into the master branch next week unless I get > any feedback directing otherwise. I've been running the rawhide xserver and a patched metacity which uses the _SELINUX_CLIENT_CONTEXT xproperty to get the context for window labels. Because of my desire to maintain a working system I've taken the approach of changing just one thing at a time. So I chose to update my policy first by merging the refpolicy with the rawhide source rpm and patch-20071130.patch. After a few issues I've built and installed the new policy but now metacity is no longer getting a context in _SELINUX_CLIENT_CONTEXT. I've looked around in the audit log but nothing jumps out at me as being amiss. Any ideas on how I can track down why this property was impacted by this new policy? > > With regard to the rawhide X server, I just ran "strings" on a rawhide > Xorg binary and it shows SELinux extension messages. The package has a > date of Jan 7 in the version number. So you might try compiling an X > server from SRPM, passing the --enable-xselinux=yes flag to the > configure script. It might just work, however there have been some > changes since Jan 7. > > -- > > > Eamon Walsh <ewalsh@xxxxxxxxxxxxx> > National Security Agency > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
