selinux February 2011 archive
Main Archive Page > Month Archives  > selinux archives
selinux: kdm patch

kdm patch

From: Russell Coker <russell_at_nospam>
Date: Sun Feb 13 2011 - 12:16:34 GMT
To: "SE-Linux" <selinux@tycho.nsa.gov>

The attached patch makes kdm do all the work of determining the correct SE
Linux context. With this patch there is no need for pam_selinux.so for a kdm
login.

The reason for this is that currently when kdm creates a ~/.xsession-errors
file it uses the default level - IE the low level of the kdm process itself.
If the user has a low level that's higher than SystemLow then they won't be
able to write to the errors file. My patch makes it call setfscreatecon()
before doing that.

Please tell me what you think, both about the patch itself and the concept.
If we go ahead with this then I'll probably have to write similar patches for
all the other common xdm programs.

-- russell@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.