From: Sven Vermeulen
To: gentoo-hardened@lists.gentoo.org
Date: Thu, 11 Aug 2011 16:52:46 +0200
Subject: Re: [gentoo-hardened] SeLinux system_u:system_r:initrc_t inside KDE

On Thu, Aug 11, 2011 at 2:38 PM, Udo Siewert wrote:

> don't use /etc/init.d/xdm to start KDE but start it by the 'startx'
> command with an .xinitrc file in /home/user which should contain 'exec
> startkde'.

SELinux-wise, it is fine to use xdm, gdm, kdm or whatever. However, it is possible that our policies are not correct yet to handle this. So we'll need to figure that out first ;-)

What context does the gdm/xdm/kdm binary have on your system? Where is the binary located?

It looks like the context should be xdm_exec_t, offered through the xserver module. Is sec-policy/selinux-xserver installed on your system?

Wkr,
  Sven Vermeulen
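One way to answer the label question in the message above, as an added example that is not part of the original thread: the script reads "context path" pairs, the shape printed by GNU `stat -c '%C %n'`, and flags any display manager binary whose type is not xdm_exec_t. The function names, the sample paths and the sample labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether display manager
# binaries carry the xdm_exec_t type named in the message above.

EXPECTED_TYPE="xdm_exec_t"

# Print the type field of an SELinux context. The type is the third
# colon-separated field, with or without a trailing MLS range:
#   user:role:type   or   user:role:type:range
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "context path" lines on stdin and print one verdict per binary.
# Returns 0 if every binary has the expected type, 1 otherwise.
check_labels() {
    rc=0
    while read -r ctx path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        ctx_type=$(context_type "$ctx")
        if [ "$ctx_type" = "$EXPECTED_TYPE" ]; then
            echo "OK       $path ($ctx_type)"
        else
            echo "MISMATCH $path ($ctx_type, expected $EXPECTED_TYPE)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: one correctly labelled binary and one that
# kept a generic label. Paths and labels are made up for the example.
sample_report() {
    check_labels <<'EOF'
system_u:object_r:xdm_exec_t /usr/bin/xdm
system_u:object_r:bin_t /usr/bin/kdm
EOF
}

sample_report || echo "at least one binary is not labelled $EXPECTED_TYPE"
```

On a live system, feed it real labels with `stat -c '%C %n' "$(command -v xdm)" | check_labels`, and list loaded policy modules with `semodule -l` to see whether xserver is among them.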