|Main Archive Page > Month Archives > selinux archives|
On Mon, 2008-02-25 at 09:12 -0500, Stephen Smalley wrote:
> On Mon, 2008-02-25 at 09:09 -0500, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > If I turn on xserver_object_manager in rawhide and log in as staff_t in
> > permissive mode, I get all sorts of things failing, which makes writing
> > policy for it very difficult. And is very broken.
> Hmmm...as I understood it, XSELinux should follow the kernel's enforcing
> status by default (i.e. if the kernel is permissive, then so should
> XSELinux), unless you explicitly configure enforcing= in xorg.conf to
> specify a different setting for the X server than the kernel. You are
> supposed to be able to make the X server permissive w/o making the
> kernel permissive via xorg configuration, I believe, although I'm not
> sure that made it into the rawhide xorg yet.
Doesn't look like the rawhide xorg server has that support yet.
But it should follow the kernel's enforcing status. You should see log messages with "received setenforce notice (enforcing=...)" in them from both dbus and X in either /var/log/messages or /var/log/audit/audit.log. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.