From: dwalsh@redhat.com (Daniel J Walsh) Date: Tue, 14 Jul 2009 10:29:49 -0400 Subject: [refpolicy] apps_wm.patch In-Reply-To: <1247579056.31521.60.camel@gorn.columbia.tresys.com> References: <4A155E29.9020205@redhat.com> <1247579056.31521.60.camel@gorn.columbia.tresys.com> Message-ID: <4A5C965D.8090005@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote: > On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote: >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch >> >> window manager policy developed by the MLS guys for handling Window >> Manager events in an MLS environment. > > This looks like should be collapsed into wm_t+ubac. > I am not sure you can because you need calls like corecmd_bin_domtrans(guest_wm_t, guest_t) corecmd_shell_domtrans(guest_wm_t, guest_t) guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t Similar to what we have with dbus.