From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from jazzswing.ncsc.mil (jazzswing.ncsc.mil [144.51.68.65])
	by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id i4JKa0Rb014014
	for ; Wed, 19 May 2004 16:36:00 -0400 (EDT)
Received: from jazzswing.ncsc.mil (localhost [127.0.0.1])
	by jazzswing.ncsc.mil with ESMTP id i4JKXXB4017410
	for ; Wed, 19 May 2004 20:33:34 GMT
Message-ID: <40ABC543.5050600@netscape.net>
Date: Wed, 19 May 2004 14:36:19 -0600
From: Charles R Martin
MIME-Version: 1.0
To: ewalsh@epoch.ncsc.mil
CC: selinux@tycho.nsa.gov
Subject: Re: SE-X available
References: <1084828114.3551.52.camel@moss-tarheels.epoch.ncsc.mil>
In-Reply-To: <1084828114.3551.52.camel@moss-tarheels.epoch.ncsc.mil>
Content-Type: text/plain; charset=us-ascii; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

By the way, this heading managed to put this into my junk mail
folder.... apparently 'SE-X available' looked like spam....

ewalsh@epoch.ncsc.mil wrote:

>The Security-Enhanced Linux support for X lives in the XACE-SELINUX
>branch of the X.org CVS tree, which is hosted at freedesktop.org.
>
>To obtain the code via anonymous CVS, use:
>
>$ cvs -d :pserver:anoncvs@cvs.freedesktop.org:/cvs/xorg login
>CVS password:
>$ cvs -d :pserver:anoncvs@cvs.freedesktop.org:/cvs/xorg co -P
>-rXACE-SELINUX xc
>
>You'll need the latest SELinux release which contains the new X security
>classes, attributes, and supporting types.
>
>When building the X server, make sure your config/cf/host.def includes
>the following:
>
>#define BuildXACE YES
>#define BuildXSELinux YES
>#define ExtraLibraries -lselinux
>
>Note that there is no policy written yet, so nothing is allowed; you'll
>need to be in permissive mode. The denied messages should appear in the
>log file, /var/log/Xorg.0.log, and on the X server's stderr also I
>believe. They don't start with the "avc: " pattern that audit2allow
>uses, so that program will have to be modified to work.
>
>The security architecture in the X server is more or less based on the
>paper, "Securing the X Window System with SELinux" that is available in
>our documentation section. There are some minor differences, notably
>the property and xextension classes. I'll try to come up with
>class/access vector descriptions similar to the ones that were posted
>earlier.
>
>
>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.