2009-05-21 13:59:05

by Daniel Walsh

Subject: [refpolicy] apps_wm.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch

window manager policy developed by the MLS guys for handling Window
Manager events in an MLS environment.


2009-07-14 13:44:16

by cpebenito

Subject: [refpolicy] apps_wm.patch

On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch
>
> window manager policy developed by the MLS guys for handling Window
> Manager events in an MLS environment.

This looks like it should be collapsed into wm_t+ubac.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-07-14 14:29:49

by Daniel Walsh

Subject: [refpolicy] apps_wm.patch

On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch
>>
>> window manager policy developed by the MLS guys for handling Window
>> Manager events in an MLS environment.
>
> This looks like it should be collapsed into wm_t+ubac.
>
I am not sure you can because you need calls like

corecmd_bin_domtrans(guest_wm_t, guest_t)
corecmd_shell_domtrans(guest_wm_t, guest_t)

guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t

Similar to what we have with dbus.
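
A simplified model of the default-transition lookup behind the chain in the message above, as an added example (not code from the thread or from refpolicy). It shows the per-role guest_wm_t returning to guest_t, while a single shared wm_t can hold only one default for wm_t executing bin_t. The "user" role, the wm_role/shared_wm helpers and the dictionary model are assumptions for illustration.

```python
# Simplified model of SELinux default process transitions (type_transition,
# class "process"). Constructed for illustration: no allow rules, roles, UBAC or MLS.

class ConflictingTransition(Exception):
    """A second, different default for the same (domain, exec type) pair."""

class Policy:
    def __init__(self):
        self.rules = {}  # (source domain, executable file type) -> new domain

    def type_transition(self, source, exec_type, target):
        key = (source, exec_type)
        if self.rules.get(key, target) != target:
            raise ConflictingTransition(f"{key}: {self.rules[key]} vs {target}")
        self.rules[key] = target

    def walk(self, domain, exec_types):
        """Domains visited while executing files of the given types, in order.
        With no matching rule the process stays in its current domain."""
        path = [domain]
        for exec_type in exec_types:
            domain = self.rules.get((domain, exec_type), domain)
            path.append(domain)
        return path

def wm_role(policy, prefix):
    """Hypothetical per-role expansion: <prefix>_t -> <prefix>_wm_t and back."""
    user, wm = f"{prefix}_t", f"{prefix}_wm_t"
    policy.type_transition(user, "wm_exec_t", wm)
    policy.type_transition(wm, "bin_t", user)         # corecmd_bin_domtrans
    policy.type_transition(wm, "shell_exec_t", user)  # corecmd_shell_domtrans

def shared_wm(policy, prefix):
    """Hypothetical variant with one wm_t shared by every role."""
    user = f"{prefix}_t"
    policy.type_transition(user, "wm_exec_t", "wm_t")
    policy.type_transition("wm_t", "bin_t", user)

def demo():
    per_role, shared = Policy(), Policy()
    for prefix in ("guest", "user"):
        wm_role(per_role, prefix)
    chains = [per_role.walk(f"{p}_t", ["wm_exec_t", "bin_t"]) for p in ("guest", "user")]
    shared_wm(shared, "guest")
    try:
        shared_wm(shared, "user")   # second default for (wm_t, bin_t)
    except ConflictingTransition as exc:
        return chains, str(exc)
    return chains, None

if __name__ == "__main__": print(demo())
```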

2009-07-27 19:12:52

by Chris PeBenito

Subject: [refpolicy] apps_wm.patch

On Tue, 2009-07-14 at 10:29 -0400, Daniel J Walsh wrote:
> On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch
> >>
> >> window manager policy developed by the MLS guys for handling Window
> >> Manager events in an MLS environment.
> >
> > This looks like it should be collapsed into wm_t+ubac.
> >
> I am not sure you can because you need calls like
>
> corecmd_bin_domtrans(guest_wm_t, guest_t)
> corecmd_shell_domtrans(guest_wm_t, guest_t)
>
> guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t
>
> Similar to what we have with dbus.

Merged.

--
Chris PeBenito
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243