Russell Coker
Date: Sun Feb 13 2011
To: "SE-Linux" <>

The attached patch makes kdm do all the work of determining the correct SE
Linux context. With this patch there is no need for for a kdm

The reason for this is that currently when kdm creates a ~/.xsession-errors
file it uses the default level - IE the low level of the kdm process itself.
If the user has a low level that's higher than SystemLow then they won't be
able to write to the errors file. My patch makes it call setfscreatecon()
before doing that.

Please tell me what you think, both about the patch itself and the concept.
If we go ahead with this then I'll probably have to write similar patches for
all the other common xdm programs.

