On Tue, Jun 17, 2008 at 7:50 AM, T S <t_mail@xxxxxxxxxxxxxxxx> wrote:
> Hello,
>
> I just want to try X-SELinux functionalities, such as prohibiting cut and
> paste.
> Since the below changelog (URL) says X-SELinux functionalities are turned off
> by default,
> I think I need to turn them on first.
> I would appreciate it if someone could tell me how to turn them on.
>> http://lwn.net/Articles/283539/
>
> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
> and GNOME (meaning just after FC9 and yum update).
>
> I thought X-SELinux functionalities were turned on by default in FC9,
> so I tried the below steps.
> 1) setsebool xserver_object_manager=true
> 2) insert a loadable module like below, because I was expecting
> some avc logs to be generated if I tried cut and paste.
>
>> policy_module(test, 1.0.0)
>> gen_require(`
>> attribute domain;
>> class x_synthetic_event { send receive };
>>')
>>auditallow domain domain:x_synthetic_event {send receive};
>
> 3) setenforce 1
> 4) reboot GNOME (init 3 and init 5)
> 5) trying cut & paste from a window to others. No avc logs are found.
> Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
>
> I would appreciate it if someone could tell me what I am missing here.
>
> Regards,
> K

Add this to xorg.conf

Section "Extensions"
    Option "SELinux" "Enable"
EndSection

The default enforcing state is Permissive. Add this to set Enforcing state in X

Section "Module"
    SubSection "extmod"
        Option "SELinux Enforcing"
    EndSubSection
EndSection

Add this to have the X Enforcing mode track the system enforcing state

Section "Module"
    SubSection "extmod"
        Option "SELinux TrackSystem"
    EndSubSection
EndSection

xdpyinfo will tell you if the SELinux extension is enabled.
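
Added example, not part of the original messages: a shell check that reads an xorg.conf and reports which X-SELinux mode the options quoted in the reply above would configure, plus the xdpyinfo check the reply mentions. The helper names and the sample file are constructed for illustration, and matching assumes the option spellings shown in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). xselinux_mode and xselinux_loaded are
# hypothetical helper names; option names are the ones quoted in the reply.

# Print disabled | permissive | enforcing | tracksystem for an xorg.conf file.
xselinux_mode() {
    awk '
        { sub(/#.*/, ""); line = tolower($0); key = tolower($1) }
        key == "section"       { sec = tolower($2); next }
        key == "endsection"    { sec = ""; next }
        key == "subsection"    { ssec = tolower($2); next }
        key == "endsubsection" { ssec = ""; next }
        key != "option"        { next }
        sec == "\"extensions\"" && line ~ /"selinux"[ \t]+"enable"/ { on = 1 }
        sec == "\"module\"" && ssec == "\"extmod\"" {
            # Assumption: if both options appear, report the last one seen.
            if (line ~ /"selinux enforcing"/)   mode = "enforcing"
            if (line ~ /"selinux tracksystem"/) mode = "tracksystem"
        }
        END {
            if (!on) print "disabled"      # no Enable line in this file
            else print (mode == "" ? "permissive" : mode)
        }
    ' "$1"
}

# Live check from the reply: is the extension listed by the running server?
xselinux_loaded() {
    xdpyinfo 2>/dev/null | grep -qi 'selinux'
}

# Constructed sample: extension enabled, X enforcing follows the system state.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Section "Extensions"
    Option "SELinux" "Enable"
EndSection
Section "Module"
    SubSection "extmod"
        Option "SELinux TrackSystem"   # follow setenforce
    EndSubSection
EndSection
EOF
echo "configured mode: $(xselinux_mode "$sample")"
```

The result describes only what the file states; run xselinux_loaded inside the X session to confirm the server actually loaded the extension.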