[DSE-User] xserver-xorg-core 2:1.6.0-1 and xselinux

Martin Orr martin at martinorr.name
Sat Apr 11 11:33:53 UTC 2009


For anyone running SELinux and following sid, xserver-xorg-core 2:1.6.0-1
enables the xselinux extension.  This means the X server will start applying
SELinux policy to control access to windows, input events, the clipboard etc.

However, this requires policy to match, which at least for KDE isn't ready
yet.  I believe work has been done on suitable policy for GNOME, so that
might work better.  Anyway, I was unable to log in to KDE after installing
xserver-xorg-core 2:1.6.0-1.

If you want to keep using the kernel-enforced part of SELinux, but disable
the new checks performed by the X server, then add the following to
/etc/X11/xorg.conf:

Section "Module"
	SubSection "extmod"
		Option "SELinux mode disabled"
	EndSubSection
EndSection

You can also put the X server into permissive mode while leaving the kernel
in enforcing by replacing "SELinux mode disabled" by "SELinux mode permissive".

-- 
Martin Orr
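
Added example (not part of the original post): a small audit check that reports whether an xorg.conf carries one of the "SELinux mode ..." overrides described above. The function names and the sample file are constructed for illustration, and the parser assumes keywords are matched case-insensitively and that "#" starts a comment.

```python
import re

# Constructed sample: the snippet from the post inside an otherwise made-up file.
SAMPLE_XORG_CONF = '''\
# constructed sample xorg.conf
Section "Device"
	Identifier "card0"
EndSection

Section "Module"
	Load "glx"
	SubSection "extmod"
		# Option "SELinux mode permissive"
		Option "SELinux mode disabled"
	EndSubSection
EndSection
'''

# Lenient on case and spacing inside the quoted option string.
OPTION_RE = re.compile(r'option\s+"\s*selinux\s+mode\s+(\w+)\s*"', re.IGNORECASE)


def xselinux_overrides(conf_text):
    """Return [(line_number, mode)] for every 'SELinux mode <mode>' option
    found inside Section "Module" / SubSection "extmod"."""
    found = []
    in_module = in_extmod = False
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "section":
            in_module, in_extmod = arg == "module", False
        elif keyword == "endsection":
            in_module = in_extmod = False
        elif keyword == "subsection":
            in_extmod = in_module and arg == "extmod"
        elif keyword == "endsubsection":
            in_extmod = False
        elif in_extmod:
            match = OPTION_RE.match(line)
            if match:
                found.append((lineno, match.group(1).lower()))
    return found


def x_checks_weakened(conf_text):
    """True if the file disables the X server checks or makes them permissive."""
    return any(mode in ("disabled", "permissive")
               for _, mode in xselinux_overrides(conf_text))
```

Run it over the contents of /etc/X11/xorg.conf on each host to list machines where the X server checks have been switched off or made permissive while the kernel stays in enforcing.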


