Tutorial on setting up SELinux / X Server
Eamon Walsh
ewalsh at tycho.nsa.gov
Fri Dec 4 03:07:53 UTC 2009
On 12/02/2009 10:22 PM, Tyler Durvik wrote:
> Greetings,
>
> I am looking for a tutorial, or instructions, on how to set up an X
> Server to work with SELinux. I have fedora 12 installed and ready to
> go. Does anyone have links/pages to where I may find this
> information?
>
> Thanks
>
Turn on the xserver_object_manager boolean and restart X, as described
by Dominick. AVC's generated by X will go in Xorg.0.log as well as
audit.log (as type "USER_AVC").
The current X policy in F12 probably will generate AVC's on a full
desktop session. There is a much improved X policy upstream that is not
in F12 yet. I will bug Dan to ship it in his next update.
If you want to run the X server in permissive mode but keep the rest of
the system enforcing put the following in xorg.conf:
Section "Module"
SubSection "extmod"
Option "SELinux mode permissive"
EndSubSection
EndSection
--
Eamon Walsh
National Security Agency
More information about the fedora-selinux-list
mailing list