From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from zombie.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m5IEZHgQ010969 for ; Wed, 18 Jun 2008 10:35:17 -0400 Received: from icweb02oc.mail2world.com (jazzdrum.ncsc.mil [144.51.5.7]) by zombie.ncsc.mil (8.12.10/8.12.10) with ESMTP id m5IEZGj3010461 for ; Wed, 18 Jun 2008 14:35:16 GMT From: "T S" To: Cc: Subject: Re: Question about XACE/X-SELinux Date: Wed, 18 Jun 2008 07:34:53 -0700 Message-ID: <068601c8d150$7893cc40$046a010a@mail2world.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0687_01C8D115.CC34F440" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. ------=_NextPart_000_0687_01C8D115.CC34F440 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit >> Hello, >> >> I just want to try functionalities X-SELinux, such as prohibiting cut and >> paste. >> Since the below changelog(URL) says X-SELinux functionalities are turned off >> by default, >> I think I need to turn on at first. >> I appreciate someone tell me how to turn on. >>> http://lwn.net/Articles/283539/ >> >> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612, >> and GNOME( meaning just after FC9 and yum update). >> >> I thought X-SELinux functionalities are turned on by default in FC9, >> so I tried the below steps. >> 1) setsebool xserver_object_manager=true >> 2) insert loadable module like below. because I was expecting >> some avc logs were generated if I tried cut and paste. >> >>> policy_module(test, 1.0.0) >>> gen_require(` >>> attribute domain; >>> class x_synthetic_event { send receive }; >>>') >>>auditallow domain domain:x_synthetic_event {send receive}; >> >> 3) setenforce 1 >> 4) reboot GNOME( init 3 and init 5) >> 5) trying cut&paste from a window to others. No avclogs are found. >> Only found "Loading extension SELinux" in /var/log/Xorg.0.org. >> >> I appreciate someone tell me what I am missing here. >> >> Regards, >> K >> >> >> Need cash? Click to get an emergency loan, bad credit ok >> >> _______________________________________________________________ >> Get the FREE email that has everyone talking at http://www.mail2world.com >> Unlimited Email Storage - POP3 - Calendar - SMS - Translator - Much More! > >Add this to xorg.conf > >Section "Extensions" >Option "SELinux" "Enable" >EndSection > >Thr default enforcing state is Permissive. > >Add this to set Enforcing state in X > >Section "Module" >SubSection "extmod" >Option "SELinux Enforcing" >EndSubSection >EndSection > >Add this to have the X Enforcing mode track the system enforcing state > >Section "Module" >SubSection "extmod" >Option "SELinux TrackSystem" >EndSubSection >EndSection > >xdpyinfo will tell you if the SELinux extension is enabled. It works! thanks! . Regards, K All is not lost! Click now for professional data recovery.

_______________________________________________________________
Get the FREE email that has everyone talking at http://www.mail2world.com
Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More! ------=_NextPart_000_0687_01C8D115.CC34F440 Content-Type: text/html Content-Transfer-Encoding: 7bit >> Hello,
>>
>> I just want to try functionalities X-SELinux, such as prohibiting cut and
>> paste.
>> Since the below changelog(URL) says X-SELinux functionalities are turned off
>> by default,
>> I think I need to turn on at first.
>> I appreciate someone tell me how to turn on.
>>> http://lwn.net/Articles/283539/
>>
>> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
>> and GNOME( meaning just after FC9 and yum update).
>>
>> I thought X-SELinux functionalities are turned on by default in FC9,
>> so I tried the below steps.
>> 1) setsebool xserver_object_manager=true
>> 2) insert loadable module like below. because I was expecting
>> some avc logs were generated if I tried cut and paste.
>>
>>> policy_module(test, 1.0.0)
>>> gen_require(`
>>> attribute domain;
>>> class x_synthetic_event { send receive };
>>>')
>>>auditallow domain domain:x_synthetic_event {send receive};
>>
>> 3) setenforce 1
>> 4) reboot GNOME( init 3 and init 5)
>> 5) trying cut&paste from a window to others. No avclogs are found.
>> Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
>>
>> I appreciate someone tell me what I am missing here.
>>
>> Regards,
>> K
>>
>>
>> Need cash? Click to get an emergency loan, bad credit ok
>>
>> _______________________________________________________________
>> Get the FREE email that has everyone talking at http://www.mail2world.com
>> Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!
>
>Add this to xorg.conf
>
>Section "Extensions"
>Option "SELinux" "Enable"
>EndSection
>
>Thr default enforcing state is Permissive.
>
>Add this to set Enforcing state in X
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux Enforcing"
>EndSubSection
>EndSection
>
>Add this to have the X Enforcing mode track the system enforcing state
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux TrackSystem"
>EndSubSection
>EndSection
>
>xdpyinfo will tell you if the SELinux extension is enabled.

It works! thanks!
.
Regards,
K

All is not lost! Click now for professional data recovery.