From: pebenito@gentoo.org (Chris PeBenito)
Date: Mon, 27 Jul 2009 15:12:52 -0400
Subject: [refpolicy] apps_wm.patch
In-Reply-To: <4A5C965D.8090005@redhat.com>
References: <4A155E29.9020205@redhat.com>
	<1247579056.31521.60.camel@gorn.columbia.tresys.com>
	<4A5C965D.8090005@redhat.com>
Message-ID: <1248721972.3388.2.camel@defiant.pebenito.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-07-14 at 10:29 -0400, Daniel J Walsh wrote:
> On 07/14/2009 09:44 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 09:59 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_wm.patch
> >>
> >> window manager policy developed by the MLS guys for handling Window
> >> Manager events in an MLS environment.
> > 
> > This looks like should be collapsed into wm_t+ubac.
> > 
> I am not sure you can because you need calls like
> 
> corecmd_bin_domtrans(guest_wm_t, guest_t)
> corecmd_shell_domtrans(guest_wm_t, guest_t)
> 
> guest_t -> wm_exec_t -> guest_wm_t -> bin_t -> guest_t
> 
> Similar to what we have with dbus.

Merged.

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer,
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243