FC6 SELinux issues
Christopher J. PeBenito
cpebenito at tresys.com
Tue Oct 10 13:17:41 UTC 2006
On Mon, 2006-10-09 at 21:57 -0400, Gene Czarcinski wrote:
> On Monday 09 October 2006 21:22, Joshua Brindle wrote:
> > Gene Czarcinski wrote:
> > > On Monday 09 October 2006 10:05, Christopher J. PeBenito wrote:
> > >
> > >
> > >>> I assume that strict mode should be capable of running X ... true or
> > >>> false?
> > >>>
> > >>
> > >> Strictly speaking (no pun intended) yes, since it does have the xserver
> > >> module. In reality, it probably still has issues since very few desktop
> > >> users want a strict policy, so it is untested.
> > >>
> > >
> > > While a server may not have a good display directly attached, it would be
> > > useful to run X remotely since some of the system configuration tools are
> > > gui only ... for example, selinux.
> > >
> >
> > running X apps that are exported to a remote machine isn't the same
> > thing as running an Xserver on the local machine.
>
> Yes, but I was told not to install X (it was not supported). If it is "only"
> the running of Xserver that is not supported with strict or mls policies,
> then I can live with that. However, running Xserver will need to be
> supported to be competitive with TSOL.
I believe that you are confusing "supported" w.r.t. Red Hat and
"supported" w.r.t. SELinux itself. I believe Red Hat only supports the
strict policy on RHEL and only with a support contract. I'm guessing it
will probably be same for the MLS/LSPP policy.
As for SELinux in general, X servers can work on the strict policy, it
just hasn't had much testing with the 2.* (reference policy-based)
policies.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the fedora-selinux-list
mailing list