[DSE-User] xserver-xorg-core 2:1.6.0-1 and xselinux
Martin Orr
martin at martinorr.name
Sat Apr 11 11:33:53 UTC 2009
For anyone running SELinux and following sid, xserver-xorg-core 2:1.6.0-1
enables the xselinux extension. This means the X server will start applying
SELinux policy to control access to windows, input events, the clipboard etc.
However, this requires policy to match, which at least for KDE isn't ready
yet. I believe work has been done on suitable policy for GNOME, so that
might work better. Anyway, I was unable to log in to KDE after installing
xserver-xorg-core 2:1.6.0-1.
If you want to keep using the kernel-enforced part of SELinux, but disable
the new checks performed by the X server, then add the following to
/etc/X11/xorg.conf:
Section "Module"
SubSection "extmod"
Option "SELinux mode disabled"
EndSubSection
EndSection
You can also put the X server into permissive mode while leaving the kernel
in enforcing by replacing "SELinux mode disabled" by "SELinux mode permissive".
--
Martin Orr
More information about the Selinux-user
mailing list