On Thu, 11 Aug 2011 16:52:46 +0200 Sven Vermeulen <sven.vermeu...@siphos.be> wrote:
Hi, > On Thu, Aug 11, 2011 at 2:38 PM, Udo Siewert <alge...@lavabit.com> > wrote: > > > don't use /etc/init.d/xdm to start KDE but start it by the 'startx' > > command with an .xinitrc file in /home/user which should contain > > 'exec startkde'. > > > > > SELinux-wise, it is fine to use xdm, gdm, kdm or whatever. However, > it is possible that our policies are not correct yet to handle this. > So we'll need to figure that out first ;-) > > What context does the gdm/xdm/kdm binary have on your system? Where > is the binary located? /usr/bin/kdm system_u:object_r:xdm_exec_t /usr/bin/xdm system_u:object_r:xdm_exec_t When starting KDE by /etc/init.d/xdm 'id -Z' -> system_u:system_r:xdm_t and all KDE processes -> system_u:system_r:xdm_t Using the 'startx' command 'id-Z' -> unconfined_u:unconfined_r:unconfined_t KDE processes -> unconfined_u:unconfined_r:unconfined_t which should be correctly. > It looks like the context should be xdm_exec_t, offered through the > xserver module. Is sec-policy/selinux-xserver installed on your > system? Nope, emerging fails due to file collisions. Probably cause I've installed sec-policy/selinux-Desktop-2.20101213. semodule -l [...] xserver 3.5.0 Regards, Udo
