From: Paul Moore <paul@paul-moore.com>
To: selinux@vger.kernel.org
Subject: [RFC,selinux-notebook PATCH 04/18] x_windows: fully convert to markdown
Date: Mon, 03 Aug 2020 21:33:42 -0400 [thread overview]
Message-ID: <159650482221.8961.7779250010228783136.stgit@sifl> (raw)
In-Reply-To: <159650470076.8961.12721446818345626943.stgit@sifl>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
src/x_windows.md | 330 +++++++++++++++++++++++++++---------------------------
1 file changed, 163 insertions(+), 167 deletions(-)
diff --git a/src/x_windows.md b/src/x_windows.md
index e2625f7..86f966e 100644
--- a/src/x_windows.md
+++ b/src/x_windows.md
@@ -68,7 +68,8 @@ time, then the X-function will only succeed if allowed by all the
security extensions in the chain.
This interface is defined in the
-"[**X Access Control Extension Specification**](http://www.x.org/releases/X11R7.5/doc/security/XACE-Spec.pdf)". The specification also defines the hooks available to OMs and
+"[**X Access Control Extension Specification**](http://www.x.org/releases/X11R7.5/doc/security/XACE-Spec.pdf)".
+The specification also defines the hooks available to OMs and
how they should be used. The provision of polyinstantiation services for
properties and selections is also discussed. The XACE interface is a
similar service to the LSM that supports the kernel OMs.
@@ -85,8 +86,6 @@ managers such as Gnome, twm or KDE.
[**Linux Security Module and SELinux**](lsm_selinux.md#linux-security-module-and-selinux)
section.
-<br>
-
## Polyinstantiation
The OM / XACE services support polyinstantiation of properties and
@@ -104,8 +103,6 @@ polyinstantiation, instead the MLS policy uses
[**`mlsconstrain`**](constraint_statements.md#mlsconstrain) to limit the scope
of properties and selections.
-<br>
-
## Configuration Information
This section covers:
@@ -234,167 +231,169 @@ client * system_u:object_r:remote_t:s0
A full description of the *x_contexts* file format is given in the
[***x_contexts***](policy_config_files.md#contextsx_contexts) section.
-<br>
-
## SELinux Extension Functions
-<table>
-<tbody>
-<tr style="background-color:#D3D3D3;">
-<td><strong>Function Name</strong></td>
-<td><strong>Minor Parameters</strong></td>
-<td><strong>Opcode</strong></td>
-<td><strong>Comments</strong></td>
-</tr>
-<tr>
-<td>XSELinuxQueryVersion</td>
-<td>0</td>
-<td>None</td>
-<td>Returns the XSELinux version. Fedora returns 1.1</td>
-</tr>
-<tr>
-<td>XSELinuxSetDeviceCreateContext</td>
-<td>1</td>
-<td>Context+Len</td>
-<td>Sets the context for creating a device object (<em>x_device</em>).</td>
-</tr>
-<tr>
-<td>XSELinuxGetDeviceCreateContext</td>
-<td>2</td>
-<td>None</td>
-<td>Retrieves the context set by <em>XSELinuxSetDeviceCreateContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxSetDeviceContext</td>
-<td>3</td>
-<td>DeviceID + Context+Len</td>
-<td>Sets the context for creating the specified DeviceID object.</td>
-</tr>
-<tr>
-<td>XSELinuxGetDeviceContext</td>
-<td>4</td>
-<td>DeviceID</td>
-<td>Retrieves the context set by <em>XSELinuxSetDeviceContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxSetWindowCreateContext</td>
-<td>5</td>
-<td>Context+Len</td>
-<td>Set the context for creating a window object (<em>x_window</em>).</td>
-</tr>
-<tr>
-<td>XSELinuxGetWindowCreateContext</td>
-<td>6</td>
-<td>None</td>
-<td>Retrieves the context set by <em>XSELinuxSetWindowCreateContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxGetWindowContext</td>
-<td>7</td>
-<td>WindowID</td>
-<td>Retrieves the specified WindowID context.</td>
-</tr>
-<tr>
-<td>XSELinuxSetPropertyCreateContext</td>
-<td>8</td>
-<td>Context + Len</td>
-<td>Sets the context for creating a property object (<em>x_property</em>).</td>
-</tr>
-<tr>
-<td>XSELinuxGetPropertyCreateContext</td>
-<td>9</td>
-<td>None</td>
-<td>Retrieves the context set by <em>XSELinuxSetPropertyCreateContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxSetPropertyUseContext</td>
-<td>10</td>
-<td>Context + Len</td>
-<td>Sets the context of the property object to be retrieved when polyinstantiation is being used.</td>
-</tr>
-<tr>
-<td>XSELinuxGetPropertyUseContext</td>
-<td>11</td>
-<td>None</td>
-<td>Retrieves the property object context set by <em>SELinuxSetPropertyUseContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxGetPropertyContext</td>
-<td>12</td>
-<td>WindowID + AtomID</td>
-<td>Retrieves the context of the property atom object.</td>
-</tr>
-<tr>
-<td>XSELinuxGetPropertyDataContext</td>
-<td>13</td>
-<td>WindowID + AtomID</td>
-<td>Retrieves the context of the property atom data. </td>
-</tr>
-<tr>
-<td>XSELinuxListProperties</td>
-<td>14</td>
-<td>WindowID</td>
-<td>Lists the object and data contexts of properties associated with the selected WindowID.</td>
-</tr>
-<tr>
-<td>XSELinuxSetSelectionCreateContext</td>
-<td>15</td>
-<td>Context+Len</td>
-<td>Sets the context to be used for creating a selection object.</td>
-</tr>
-<tr>
-<td>XSELinuxGetSelectionCreateContext</td>
-<td>16</td>
-<td>None</td>
-<td>Retrieves the context set by <em>SELinuxSetSelectionCreateContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxSetSelectionUseContext</td>
-<td>17</td>
-<td>Context+Len</td>
-<td>Sets the context of the selection object to be retrieved when polyinstantiation is being used. See the <em>XSELinuxListSelections</em> function for an example.</td>
-</tr>
-<tr>
-<td>XSELinuxGetSelectionUseContext</td>
-<td>18</td>
-<td>None</td>
-<td>Retrieves the selection object context set by <em>SELinuxSetSelectionUseContext</em>.</td>
-</tr>
-<tr>
-<td>XSELinuxGetSelectionContext</td>
-<td>19</td>
-<td>AtomID</td>
-<td>Retrieves the context of the specified selection atom object.</td>
-</tr>
-<tr>
-<td>XSELinuxGetSelectionDataContext</td>
-<td>20</td>
-<td>AtomID</td>
-<td>Retrieves the context of the selection data from the current selection owner (<em>x_application_data</em> object).</td>
-</tr>
-<tr>
-<td>XSELinuxListSelections</td>
-<td>21</td>
-<td>None</td>
-<td><p>Lists the selection atom object and data contexts associated with this display. The main difference in the listings is that when (for example) the <em>PRIMARY</em> selection atom is polyinstantiated, multiple entries can returned. One has the context of the atom itself, and one entry for each process (or x-client) that has an active polyinstantiated entry, for example:</p>
-<p>Atom: PRIMARY - label defined in the<em> x_contexts</em> file (this is also for non-poly listing):</p>
-<p>Object Context: system_u:object_r:primary_xselection_t</p>
-<p>Data Context: system_u:object_r:primary_xselection_t</p>
-<p>Atom: PRIMARY - Labels for client 1:</p>
-<p>Object Context: system_u:object_r:x_select_paste1_t</p>
-<p>Data Context: system_u:object_r:x_select_paste1_t</p>
-<p>Atom: PRIMARY - Labels for client 2:</p>
-<p>Object Context: system_u:object_r:x_select_paste2_t</p>
-<p>Data Context: system_u:object_r:x_select_paste2_t</p></td>
-</tr>
-<tr>
-<td><em><em>XSELinuxGetClientContext</em></em></td>
-<td><em><em>22</em></em></td>
-<td><em><em>ResourceID</em></em></td>
-<td><em><em>Retrieves the client context of the specified ResourceID.</em></em></td>
-</tr>
-</tbody>
-</table>
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxQueryVersion | 0 | None |
+
+Returns the XSELinux version. Fedora returns 1.1.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetDeviceCreateContext | 1 | Context + Len |
+
+Sets the context for creating a device object (*x_device*).
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetDeviceCreateContext | 2 | None |
+
+Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
+
+| Function Name | Minor Parameter | Opcode |
+| ------------------------------- | --------------- | ------------------------ |
+| XSELinuxSetDeviceContext | 3 | DeviceID + Context + Len |
+
+Sets the context for creating the specified DeviceID object.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetDeviceContext | 4 | DeviceID |
+
+Retrieves the context set by *XSELinuxSetDeviceContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetWindowCreateContext | 5 | Context + Len |
+
+Set the context for creating a window object (*x_window*).
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetWindowCreateContext | 6 | None |
+
+Retrieves the context set by *XSELinuxSetWindowCreateContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetWindowContext | 7 | WindowID |
+
+Retrieves the specified WindowID context.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetPropertyCreateContext | 8 | Context |
+
+Sets the context for creating a property object (*x_property*).
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetPropertyCreateContext | 9 | None |
+
+Retrieves the context set by *XSELinuxSetPropertyCreateContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetPropertyUseContext | 10 | Context + Len |
+
+Sets the context of the property object to be retrieved when polyinstantiation
+is being used.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetPropertyUseContext | 11 | None |
+
+Retrieves the property object context set by *SELinuxSetPropertyUseContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetPropertyContext | 12 | WindowID + AtomID |
+
+Retrieves the context of the property atom object.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetPropertyDataContext | 13 | WindowID + AtomID |
+
+Retrieves the context of the property atom data.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxListProperties | 14 | WindowID |
+
+Lists the object and data contexts of properties associated with the selected
+WindowID.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetSelectionCreateContext | 15 | Context + Len |
+
+Sets the context to be used for creating a selection object.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetSelectionCreateContext | 16 | None |
+
+Retrieves the context set by *SELinuxSetSelectionCreateContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxSetSelectionUseContext | 17 | Context + Len |
+
+Sets the context of the selection object to be retrieved when polyinstantiation
+is being used. See the *XSELinuxListSelections* function for an example.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetSelectionUseContext | 18 | None |
+
+Retrieves the selection object context set by *SELinuxSetSelectionUseContext*.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetSelectionContext | 19 | AtomID |
+
+Retrieves the context of the specified selection atom object.
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetSelectionDataContext | 20 | AtomID |
+
+Retrieves the context of the selection data from the current selection owner
+(*x_application_data* object).
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxListSelections | 21 | None |
+
+Lists the selection atom object and data contexts associated with this display.
+The main difference in the listings is that when (for example) the *PRIMARY*
+selection atom is polyinstantiated, multiple entries can returned. One has the
+context of the atom itself, and one entry for each process (or x-client) that
+has an active polyinstantiated entry, for example:
+
+Atom: PRIMARY - label defined in the *x_contexts* file (this is also for
+non-poly listing):
+
+- Object Context: *system_u:object_r:primary_xselection_t*
+- Data Context: *system_u:object_r:primary_xselection_t*
+
+Atom: PRIMARY - Labels for client 1:
+
+- Object Context: *system_u:object_r:x_select_paste1_t*
+- Data Context: *system_u:object_r:x_select_paste1_t*
+
+Atom: PRIMARY - Labels for client 2:
+
+- Object Context: *system_u:object_r:x_select_paste2_t*
+- Data Context: *system_u:object_r:x_select_paste2_t*
+
+| Function Name | Minor Parameters | Opcode |
+| --------------------------------- | ---------------- | --------------------- |
+| XSELinuxGetClientContext | 22 | ResourceID |
+
+Retrieves the client context of the specified ResourceID.
**Table 12: The XSELinux Extension Functions** - *Supported by the object
manager as X-protocol extensions. Note that some functions will return
@@ -402,9 +401,6 @@ the default contexts, while others (2, 6, 9, 11, 16, 18) will not return
a value unless one has been set the the appropriate function (1, 5, 8,
10, 15, 17) by an SELinux-aware application.*
-
-<br>
-
<!-- %CUTHERE% -->
---
next prev parent reply other threads:[~2020-08-04 1:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-04 1:33 [RFC,selinux-notebook PATCH 00/18] markdown conversions and cleanups Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 01/18] build: explicitly enable pandoc pipe_tables Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 02/18] css: identify table layout hacks Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 03/18] css: style improvements Paul Moore
2020-08-04 1:33 ` Paul Moore [this message]
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 05/18] xperm_rules: fully convert to markdown Paul Moore
2020-08-04 16:14 ` Richard Haines
2020-08-06 2:34 ` Paul Moore
2020-08-06 10:07 ` Richard Haines
2020-08-06 21:49 ` Paul Moore
2020-08-04 1:33 ` [RFC,selinux-notebook PATCH 06/18] xen_statements: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 07/18] vm_support: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 08/18] user_statements: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 09/18] userspace_libraries: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 10/18] type_statements: " Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 11/18] postgresql: update PostgreSQL SELinux Support section Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 12/18] all: remove all the <br> tags we haven't gotten to yet Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 13/18] all: unify example formatting (scripts, code, policy, etc) in markdown Paul Moore
2020-08-04 1:34 ` [RFC,selinux-notebook PATCH 15/18] all: consolidate multiple blank lines into one Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 16/18] kernel_policy_language: convert the footnotes to markdown Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 17/18] title: assorted updates Paul Moore
2020-08-04 1:35 ` [RFC,selinux-notebook PATCH 18/18] x_windows: don't call table 12 a table Paul Moore
2020-08-04 10:31 ` [RFC,selinux-notebook PATCH 00/18] markdown conversions and cleanups Richard Haines
2020-08-06 1:58 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=159650482221.8961.7779250010228783136.stgit@sifl \
--to=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.