Package: kdm Version: 4:3.3.0-1.1 Severity: normal
please could the same be done to kdm as has been done to gdm, namely that when a user session is started, a different log file is used for the user session from the one that is created by kdm? the reason is because in order to allow access to the kdm-created-log-file, far too many permissions must be granted to users. namely, the permission to write to ANY files created by kdm must be granted, for a start. ta, l. On Wed, 2004-09-29 at 18:32 +0200, Thomas Bleher wrote: > I have a question about access to xdm_t: > With KDM 3.3 I am seeing a lot of accesses to xdm_t:fd and > xdm_t:fifo_file from user processes (say user_lpr_t and user_gpg_t) For Fedora we modified GDM to log the X session errors to /tmp/xses-$USER.$RANDOM, you could probably do something similar with KDM. > Should these be allowed? > If yes, should xdm_t get the attribute privfd? I think it'd be better to move the X errors to /tmp. It's more NFS-homedir friendly anyways. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to [EMAIL PROTECTED] with the words "unsubscribe selinux" without quotes as the message. -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux highfield 2.6.7-selinux1 #7 Wed Sep 8 17:46:33 BST 2004 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages kdm depends on: ii debconf 1.4.25 Debian configuration management sy ii kdebase-bin 4:3.3.0-1.1 KDE Base (binaries) ii kdelibs4 4:3.3.0-1.1 KDE core libraries ii libart-2.0-2 2.3.16-5 Library of functions for 2D graphi ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an ii libfam0c102 2.7.0-5 client library to control the FAM ii libgcc1 1:3.5-0pre1 GCC support library ii libice6 4.3.0.dfsg.1-6 Inter-Client Exchange library ii libidn11 0.5.2-2 GNU libidn library, implementation ii libncurses5 5.4-3 Shared libraries for terminal hand ii libpam-runtime 0.77-0.se5 Runtime support for the PAM librar ii libpam0g 0.77-0.se5 Pluggable Authentication Modules l ii libpng12-0 1.2.5.0-6 PNG library - runtime ii libqt3c102-mt 3:3.3.3-4 Qt GUI Library (Threaded runtime v ii libselinux1 1.16-0.1 SELinux shared libraries ii libsm6 4.3.0.dfsg.1-6 X Window System Session Management ii libstdc++5 1:3.3.4-11 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-6 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-6 X Window System miscellaneous exte ii libxrender1 0.8.3-5 X Rendering Extension client libra ii libxtst6 4.3.0-5 X Window System event recording an ii xbase-clients 4.3.0-5 miscellaneous X clients ii xlibs 4.3.0.dfsg.1-6 X Window System client libraries m ii zlib1g 1:1.2.1-3 compression library - runtime -- debconf information excluded
