I'm working on enhancing SELinux for thin clients (booting from the netcard).
The problem: when connecting from the "client" to the "server" by ssh with the -X parameter, I don't see the correct context for window properties (X_PROP, for example); it is NNN:s0, not NNN:s1.
The steps in more detail:
xinit /usr/bin/terminal -- :1 ------ new X
ssh user@IP -X
xfce-session &
xauth list ------ to repair DISPLAY in the new security level
newrole -l s1
xauth add DISPLAY ------ repair it
leafpad&
-------------------
In xorg-server-1.12.0/Xext/xselinux_hooks.c I inserted logging on X_PROP right after rc=SELinuxDoCheck() (just input some text in "leafpad" and look at /var/log/Xorg.1.log).
On the other hand, in /proc we have the correct context for the tested application (leafpad), but internally not.
Resulting context of obj(PROP): user_u:object_t:xproperty_t:s0, but it must be NNN:s1, as in a local X session on the server or on the client.
The files /etc/ssh/sshd_config and ssh_config are set up correctly: ForwardX11Trusted=yes
How can I make this work, or is there no such functionality in SELinux?
Thanks,
Alexander
--
work3231 work3231