From: pebenito@gentoo.org (Chris PeBenito) Date: Mon, 27 Jul 2009 15:12:52 -0400 Subject: [refpolicy] apps_wm.patch In-Reply-To: <4A5C965D.8090005@redhat.com> References: <4A155E29.9020205@redhat.com> <1247579056.31521.60.camel@gorn.columbia.tresys.com> <4A5C965D.8090005@redhat.com> Message-ID: <1248721972.3388.2.camel@defiant.pebenito.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2009-07-14 at 10:29 -0400, Daniel J Walsh wrote: > On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote: > > On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote: > >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch > >> > >> window manager policy developed by the MLS guys for handling Window > >> Manager events in an MLS environment. > > > > This looks like should be collapsed into wm_t+ubac. > > > I am not sure you can because you need calls like > > corecmd_bin_domtrans(guest_wm_t, guest_t) > corecmd_shell_domtrans(guest_wm_t, guest_t) > > guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t > > Similar to what we have with dbus. Merged. -- Chris PeBenito Developer, Hardened Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243