Hello; after seeing all of these posts about xserver I couldn't help
but to try MLS policy.
As the same results a few months back it seems there isn't any support
for this policy yet to work with xserver is there?
i.g. from what I see after allowing most of the avc's, I'm left with
these that seem to keep appearing upon a reboot:
allow insmod_t kernel_t:process setsched;
allow kernel_t bluetooth_t:socket write;
allow sysadm_sudo_t devpts_t:dir search;
allow sysadm_xserver_t memory_device_t:chr_file { read write };
<------ I can't start X without this one here.
allow syslogd_t var_log_t:file append;
I think it's the same with hid2hci --tohci upon wakeup, the ioctl or
node is changed resulting in a new avc's for that device.
Is there going to be support to use MLS in the future or is it too
much of a security risk.(xserver).
regards;
--
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
