On a system with selinux-policy-mls install you will find a file /etc/selinux/mls/contexts/x_contexts which will give you an idea about the labeling of various X object. X objects are label with the level of the X application process and the mls constraints control operations like copy/paste you mention which is prohibited. Ted On Tue, Nov 17, 2009 at 8:21 AM, Dyson, Mark L (IS) <Mark.Dyson@xxxxxxx> wrote: > I’ll narrow the scope of my initial question a bit, here: can SELinux > support this sort of operation? Some online literature seems to suggest > otherwise but it’s admittedly a few years old. > > > > Thanks again, > > Mark > > > > From: owner-selinux@xxxxxxxxxxxxx [mailto:owner-selinux@xxxxxxxxxxxxx] On > Behalf Of Dyson, Mark L (IS) > Sent: Monday, November 16, 2009 10:09 AM > To: selinux@xxxxxxxxxxxxx > Subject: Windows-level enforcement in SELinux? > > > > Hello, > > I’ve been tasked to map out a path for migrating a MLS application from > Trusted Solaris to SELinux. I’m sure I’ll have many questions to come, but > after some initial readings one of my first is: > > How does SELinux label individual X-windows in a user session, so that (for > example) data contained in a high-level security window cannot be copied and > then pasted into a lower-level security window? > > Thanks in advance! > Mark -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
