* Question about XACE/X-SELinux
@ 2008-06-17 12:50 T S
2008-06-17 14:09 ` Xavier Toth
0 siblings, 1 reply; 3+ messages in thread
From: T S @ 2008-06-17 12:50 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 1674 bytes --]
Hello,
I just want to try functionalities X-SELinux, such as prohibiting cut
and paste.
Since the below changelog(URL) says X-SELinux functionalities are turned
off by default,
I think I need to turn on at first.
I appreciate someone tell me how to turn on.
> http://lwn.net/Articles/283539/
I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
and GNOME( meaning just after FC9 and yum update).
I thought X-SELinux functionalities are turned on by default in FC9,
so I tried the below steps.
1) setsebool xserver_object_manager=true
2) insert loadable module like below. because I was expecting
some avc logs were generated if I tried cut and paste.
> policy_module(test, 1.0.0)
> gen_require(`
> attribute domain;
> class x_synthetic_event { send receive };
>')
>auditallow domain domain:x_synthetic_event {send receive};
3) setenforce 1
4) reboot GNOME( init 3 and init 5)
5) trying cut&paste from a window to others. No avclogs are found.
Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
I appreciate someone tell me what I am missing here.
Regards,
K
Need cash? Click to get an emergency loan, bad credit ok
<http://tagline.bidsystem.com/fc/Ioyw36XHxOdtlQEyiBy8w8bGOQx9ugfZFBGL7xG
NpWaG9Vx6r3wVdx/>
<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the FREE email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br> <font color=#999999>Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!</font></font></span>
[-- Attachment #2: Type: text/html, Size: 2075 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Question about XACE/X-SELinux
2008-06-17 12:50 Question about XACE/X-SELinux T S
@ 2008-06-17 14:09 ` Xavier Toth
0 siblings, 0 replies; 3+ messages in thread
From: Xavier Toth @ 2008-06-17 14:09 UTC (permalink / raw)
To: T S; +Cc: selinux
On Tue, Jun 17, 2008 at 7:50 AM, T S <t_mail@mail2airport.com> wrote:
> Hello,
>
> I just want to try functionalities X-SELinux, such as prohibiting cut and
> paste.
> Since the below changelog(URL) says X-SELinux functionalities are turned off
> by default,
> I think I need to turn on at first.
> I appreciate someone tell me how to turn on.
>> http://lwn.net/Articles/283539/
>
> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
> and GNOME( meaning just after FC9 and yum update).
>
> I thought X-SELinux functionalities are turned on by default in FC9,
> so I tried the below steps.
> 1) setsebool xserver_object_manager=true
> 2) insert loadable module like below. because I was expecting
> some avc logs were generated if I tried cut and paste.
>
>> policy_module(test, 1.0.0)
>> gen_require(`
>> attribute domain;
>> class x_synthetic_event { send receive };
>>')
>>auditallow domain domain:x_synthetic_event {send receive};
>
> 3) setenforce 1
> 4) reboot GNOME( init 3 and init 5)
> 5) trying cut&paste from a window to others. No avclogs are found.
> Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
>
> I appreciate someone tell me what I am missing here.
>
> Regards,
> K
>
>
> Need cash? Click to get an emergency loan, bad credit ok
>
> _______________________________________________________________
> Get the FREE email that has everyone talking at http://www.mail2world.com
> Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!
Add this to xorg.conf
Section "Extensions"
Option "SELinux" "Enable"
EndSection
Thr default enforcing state is Permissive.
Add this to set Enforcing state in X
Section "Module"
SubSection "extmod"
Option "SELinux Enforcing"
EndSubSection
EndSection
Add this to have the X Enforcing mode track the system enforcing state
Section "Module"
SubSection "extmod"
Option "SELinux TrackSystem"
EndSubSection
EndSection
xdpyinfo will tell you if the SELinux extension is enabled.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Question about XACE/X-SELinux
@ 2008-06-18 14:34 T S
0 siblings, 0 replies; 3+ messages in thread
From: T S @ 2008-06-18 14:34 UTC (permalink / raw)
To: txtoth; +Cc: selinux
[-- Attachment #1: Type: text/plain, Size: 2592 bytes --]
>> Hello,
>>
>> I just want to try functionalities X-SELinux, such as prohibiting cut
and
>> paste.
>> Since the below changelog(URL) says X-SELinux functionalities are
turned off
>> by default,
>> I think I need to turn on at first.
>> I appreciate someone tell me how to turn on.
>>> http://lwn.net/Articles/283539/
>>
>> I am using Fedora Core9, xorg-server-Xorg-1.4.99.902-3.20080612,
>> and GNOME( meaning just after FC9 and yum update).
>>
>> I thought X-SELinux functionalities are turned on by default in FC9,
>> so I tried the below steps.
>> 1) setsebool xserver_object_manager=true
>> 2) insert loadable module like below. because I was expecting
>> some avc logs were generated if I tried cut and paste.
>>
>>> policy_module(test, 1.0.0)
>>> gen_require(`
>>> attribute domain;
>>> class x_synthetic_event { send receive };
>>>')
>>>auditallow domain domain:x_synthetic_event {send receive};
>>
>> 3) setenforce 1
>> 4) reboot GNOME( init 3 and init 5)
>> 5) trying cut&paste from a window to others. No avclogs are found.
>> Only found "Loading extension SELinux" in /var/log/Xorg.0.org.
>>
>> I appreciate someone tell me what I am missing here.
>>
>> Regards,
>> K
>>
>>
>> Need cash? Click to get an emergency loan, bad credit ok
>>
>> _______________________________________________________________
>> Get the FREE email that has everyone talking at
http://www.mail2world.com
>> Unlimited Email Storage - POP3 - Calendar - SMS - Translator - Much
More!
>
>Add this to xorg.conf
>
>Section "Extensions"
>Option "SELinux" "Enable"
>EndSection
>
>Thr default enforcing state is Permissive.
>
>Add this to set Enforcing state in X
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux Enforcing"
>EndSubSection
>EndSection
>
>Add this to have the X Enforcing mode track the system enforcing state
>
>Section "Module"
>SubSection "extmod"
>Option "SELinux TrackSystem"
>EndSubSection
>EndSection
>
>xdpyinfo will tell you if the SELinux extension is enabled.
It works! thanks!
.
Regards,
K
All is not lost! Click now for professional data recovery.
<http://tagline.bidsystem.com/fc/Ioyw36XJLjK4UhGstZZSQ3Hk0AZo6rvZS3retV8
f9VUsqNp68F5S4h/>
<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the FREE email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br> <font color=#999999>Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!</font></font></span>
[-- Attachment #2: Type: text/html, Size: 3538 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-06-18 14:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-17 12:50 Question about XACE/X-SELinux T S
2008-06-17 14:09 ` Xavier Toth
-- strict thread matches above, loose matches on Subject: below --
2008-06-18 14:34 T S
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.