Xavier Toth wrote:
On Fri, Feb 8, 2008 at 5:51 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote:
Eamon Walsh wrote:
> Xavier Toth wrote:
>
>> Has this made it into the git tree yet?
>>
It's pushed into the XACE-SELINUX branch, so you can play with it now.
I did some simple testing of the polyinstantiation and it worked OK for
me. You'll need the kernel patch, an updated libselinux from SVN, and
an updated refpolicy (or just add "getattr" and "setattr" permissions to
your x_property class and tweak the x_contexts file to add poly_property
notations). I'll push it into the master branch next week unless I get
any feedback directing otherwise.
I've been running the rawhide xserver and a patched metacity which
uses the _SELINUX_CLIENT_CONTEXT xproperty to get the context for
window labels. Because of my desire to maintain a working system I've
taken the approach of changing just one thing at a time. So I chose to
update my policy first by merging the refpolicy with the rawhide
source rpm and patch-20071130.patch. After a few issues I've built and
installed the new policy but now metacity is no longer getting a
context in _SELINUX_CLIENT_CONTEXT. I've looked around in the audit
log but nothing jumps out at me as being amiss. Any ideas on how I can
track down why this property was impacted by this new policy?
Look in the Xorg.0.log file for SELinux messages. The extension might
have disabled itself, perhaps because the object classes and permissions
weren't right.
--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
