From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 14 Jul 2009 10:29:49 -0400
Subject: [refpolicy] apps_wm.patch
In-Reply-To: <1247579056.31521.60.camel@gorn.columbia.tresys.com>
References: <4A155E29.9020205@redhat.com>
	<1247579056.31521.60.camel@gorn.columbia.tresys.com>
Message-ID: <4A5C965D.8090005@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch
>>
>> window manager policy developed by the MLS guys for handling Window
>> Manager events in an MLS environment.
> 
> This looks like should be collapsed into wm_t+ubac.
> 
I am not sure you can because you need calls like



corecmd_bin_domtrans(guest_wm_t, guest_t)
corecmd_shell_domtrans(guest_wm_t, guest_t)

guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t

Similar to what we have with dbus.