From: russell@coker.com.au (Russell Coker)
Date: Wed, 09 Mar 2011 19:03:37 +1100
Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus
	chat
In-Reply-To: <1299533995.2967.23.camel@tesla.lan>
References: <1297836836.3205.56.camel@tesla.lan> <4D651B7A.4010100@tresys.com>
	<1298487030.29671.20.camel@tesla.lan> <4D74E408.2050501@tresys.com>
	<1299517796.2978.41.camel@tesla.lan> <4D7533E5.9050806@tresys.com>
	<1299533995.2967.23.camel@tesla.lan>
Message-ID: <1e2c5493-fd5d-4770-8bfe-fb0b0ad05234@email.android.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



 think my latest reply was not the proper answer to your question.
>What
>I meant for "everything is running as xdm_t" is that as a normal user
>if
>you type "id -Z" from the gnome-terminal, then you get xdm_t (which
>still looks suspicious to me).

That usually means that you don't have PAM configured correctly.  Probably your xdm is not compiled with SE support and you are not using pam_selinux.so .

>It's just something very simple. A make target which runs ps axZ (as
>sysadm) and compares a few very basic things:
>
>- if init has properly transitioned to its context (apparently at the
>moment no one cares if it hasn't, which is quite worrying as everything

I am working on test VMs for Debian now and plan to do such things.

>By the way, Tresys' SMTP server is blocking some mail from dynamically
>allocated mobile Internet connections (using barracudanetworks.com). I

You shoud configure your phone to send through a smart host.  I am going to run such a server for SE testing, contact me off list for an account.
-- 
My blog    http://etbe.coker.com.au