Information about XSELinux

Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 467 bytes --]

Hi everyone!

I'm desperately trying to implement proper privilege seperation 
while using X.

Currently I'm looking into XSELinux but am having a really hard 
time finding any information, documention etc.

What's the development status?
Where can I get it?
Is it included in any major distributions? (Currently using 
Ubuntu 12.04)

Any hint on where to find information would be highly 
appreciated!

Many thanks in advance and best regards,
Ole

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Information about XSELinux

[Russell Coker]

On Tue, 17 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
> Is it included in any major distributions? (Currently using 
> Ubuntu 12.04)

Unless Ubuntu have done some significant enhancements over my Debian work 
without telling me then it's not going to work.

It's something I want to do though, hopefully by Wheezy+1.


-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 744 bytes --]

On Tue, Jul 17, 2012 at 04:23:14AM +1000, Russell Coker wrote:
> On Tue, 17 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
> > Is it included in any major distributions? (Currently using 
> > Ubuntu 12.04)
> 
> Unless Ubuntu have done some significant enhancements over my Debian work 
> without telling me then it's not going to work.

I'm no expert, but as far as I can tell, it's just not there in 
Ubuntu.

I understood from a bug report on this list that it's included in 
Fedora. So I installed it on a test system and could reproduce 
the bug (X server fails to start when xserver_object_manager is 
set). 

I'm willing to switch to whatever distribution is providing the 
means to seperate user contexts under X.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Information about XSELinux

[James Carter]

On Mon, 2012-07-16 at 18:10 +0200, Ole Kliemann wrote:
> Hi everyone!
> 
> I'm desperately trying to implement proper privilege seperation 
> while using X.
> 
> Currently I'm looking into XSELinux but am having a really hard 
> time finding any information, documention etc.
> 

Some of this could be out of date, but it should get you started.

http://www.nsa.gov/research/_files/selinux/papers/xorg07-abs.shtml
http://www.x.org/releases/X11R7.5/doc/security/XACE-Spec.html
http://selinuxproject.org/page/NB_XWIN
http://selinuxproject.org/page/Experimenting_With_X-Windows#Calling_the_XSELinux_Functions

> What's the development status?
> Where can I get it?
> Is it included in any major distributions? (Currently using 
> Ubuntu 12.04)
> 

It is in Fedora.
Enable the xserver_object_manager_boolean (setsebool -P
xserver_object_manager=1) and restart the X server.

The file /etc/selinux/POLICY/contexts/x_contexts contains an X event to
context mapping.

The xserver module contains the current policy for the X server.

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Stephen Smalley]

On Tue, 2012-07-17 at 00:18 +0200, Ole Kliemann wrote:
> On Tue, Jul 17, 2012 at 04:23:14AM +1000, Russell Coker wrote:
> > On Tue, 17 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
> > > Is it included in any major distributions? (Currently using 
> > > Ubuntu 12.04)
> > 
> > Unless Ubuntu have done some significant enhancements over my Debian work 
> > without telling me then it's not going to work.
> 
> I'm no expert, but as far as I can tell, it's just not there in 
> Ubuntu.
> 
> I understood from a bug report on this list that it's included in 
> Fedora. So I installed it on a test system and could reproduce 
> the bug (X server fails to start when xserver_object_manager is 
> set). 
> 
> I'm willing to switch to whatever distribution is providing the 
> means to seperate user contexts under X.

XSELinux is included in Fedora, but they don't enable it by default so
it doesn't get much testing.  They took a different approach for
isolating X applications via nested Xephyr servers in their sandbox
tool.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2012 09:29 AM, Stephen Smalley wrote:
> On Tue, 2012-07-17 at 00:18 +0200, Ole Kliemann wrote:
>> On Tue, Jul 17, 2012 at 04:23:14AM +1000, Russell Coker wrote:
>>> On Tue, 17 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
>>>> Is it included in any major distributions? (Currently using Ubuntu
>>>> 12.04)
>>> 
>>> Unless Ubuntu have done some significant enhancements over my Debian
>>> work without telling me then it's not going to work.
>> 
>> I'm no expert, but as far as I can tell, it's just not there in Ubuntu.
>> 
>> I understood from a bug report on this list that it's included in Fedora.
>> So I installed it on a test system and could reproduce the bug (X server
>> fails to start when xserver_object_manager is set).
>> 
>> I'm willing to switch to whatever distribution is providing the means to
>> seperate user contexts under X.
> 
> XSELinux is included in Fedora, but they don't enable it by default so it
> doesn't get much testing.  They took a different approach for isolating X
> applications via nested Xephyr servers in their sandbox tool.
> 

My opinion is that XAce or XSELinux works ok with the MLS model, but not with
the type enforcement model.  In my opinion isolating applications within the
own sandbox/containers is a simpler and more sustainable approach.

XClients that get a permission denied, are likely to misbehave (die) since
they were coded with the assumption that they either get full access to X or
no access to X.

Finally trying to write confinement policy for a type enforcement model on X
is very difficult, how do I isolate two instances of firefox?  If Firefox
execs a open office, how does this libreoffice interact with the existing
libreoffice that might be running under a different context.  How does
cut/paste work, how about one window obscuring another, transparent windows
...  Way too complicated.  Sandbox model is just total separation.  They do
not even know the other apps exist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAIFUEACgkQrlYvE4MpobNosQCfWwKjjPONs5WHNbDGit3NYGXt
iegAn1mav7HlS21m5q89xy47pXDXpw8x
=fZVQ
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 3266 bytes --]

On Thu, Jul 19, 2012 at 10:10:09AM -0400, Daniel J Walsh wrote:
> On 07/19/2012 09:29 AM, Stephen Smalley wrote:
> > XSELinux is included in Fedora, but they don't enable it by default so it
> > doesn't get much testing.  They took a different approach for isolating X
> > applications via nested Xephyr servers in their sandbox tool.
> > 
> 
> My opinion is that XAce or XSELinux works ok with the MLS model, but not with
> the type enforcement model.  In my opinion isolating applications within the
> own sandbox/containers is a simpler and more sustainable approach.
> 
> XClients that get a permission denied, are likely to misbehave (die) since
> they were coded with the assumption that they either get full access to X or
> no access to X.
> 
> Finally trying to write confinement policy for a type enforcement model on X
> is very difficult, how do I isolate two instances of firefox?  If Firefox
> execs a open office, how does this libreoffice interact with the existing
> libreoffice that might be running under a different context.  How does
> cut/paste work, how about one window obscuring another, transparent windows
> ...  Way too complicated.  Sandbox model is just total separation.  They do
> not even know the other apps exist.

Xephyr is what I have been using so far under Ubuntu. I don't 
know how it runs under Fedora, but I notice here a performance 
decrease. Sluggish cursor, sluggish scrolling etc. 

So I wanted to get away from this. But I think my goals are 
simple.

Right now I have one (standard linux) user as main user and 
several (standard linux) users as subusers. I have a suid root 
program that checks a database on disk and allows the main user 
to drop privileges to one of his subusers. I use a subuser for 
each job (mail, browser, writing etc.).

Seperation under X is achieved using "terminal-chains" (mainuser 
starts a subuser with X access who starts a terminal and a 
subuser of his own with no X access who than runs the shell 
inside the terminal - an idea my brother had years ago), or using 
"xephyr-chains" which I think is more or less how sandbox does 
it.

Terminal-chains are fast but have no X, xephyr-chains have X but 
lose performance.

What I want to do is to extend the standard linux user seperation 
to X. Assign the mainuser and every subuser a context and then 
make sure X-applications in one context can't mess with those in 
other contexts. Selinux here has only to make sure X is secured. 
I'll still be using different linux users for every context.

I don't need no "fancy stuff" like automatic domain transitions 
using certain applications as entrypoints. I can perfectly 
understand the beauty of this in an integrated desktop 
environment. But something in my wants simplicity when it comes 
to security concepts. ;-)

I'm not exactly sure how MLS works, but I'd intuitively would 
say, my approach is more MLS-like because change of privileges 
only goes in one direction. Privileges are only dropped, never 
gained. (Mainuser drops to subuser, subuser never elevates back 
to mainuser or any other subuser.)

I started working on a policy for X using TE. Do you think, what 
I want could be better expressed in MLS?

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Information about XSELinux

[Russell Coker]

On Fri, 20 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
> I'm not exactly sure how MLS works, but I'd intuitively would 
> say, my approach is more MLS-like because change of privileges 
> only goes in one direction. Privileges are only dropped, never 
> gained. (Mainuser drops to subuser, subuser never elevates back 
> to mainuser or any other subuser.)
> 
> I started working on a policy for X using TE. Do you think, what 
> I want could be better expressed in MLS?

MLS is about sensitivity levels of data with a theoretical model of allowing 
processes with a high clearance to read data of a low sensitivity so data can 
migratre to a higher classification.  While that could be used for standard X 
access control it probably isn't what most people want.  What you probably 
want is for example to have mozilla_t not be able to mess with X apps running 
as user_t or unconfined_t.

In terms of MLS and X access controls I guess you could have different ssh 
servers configured to have different levels and then run "ssh -X" (or "ssh -Y" 
- how does that interact with X access controls) to each of the servers from a 
different level and therefore not allow processes from server A to mess with 
processes from server B via X on your workstation.

On Tue, 24 Jul 2012, Ole Kliemann <ole@plastictree.net> wrote:
> I'm running X in enforcing too now with a simple setup. There is 
> a domain for every job (browser, mail, ...). These domains can't 
> access each other. The WM has access to all of them. Copy/paste 
> works like a charm with every domain having its own cutbuffer and 
> a small script called from the WM to copy the cutbuffer to other 
> domains.
> 
> Of course I had to allow some things in X that I do not fully 
> understand. But there is definitely no more sending synthetic 
> input events to foreign windows and no more keylogging.

Could you blog about all the details?

I've wanted to get X access control in Debian for a while.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 2348 bytes --]

On Fri, Jul 27, 2012 at 02:02:15PM +1000, Russell Coker wrote:
> Could you blog about all the details?
> 
> I've wanted to get X access control in Debian for a while.

Sure! I'm just not sure how helpful it's gonna be, because my 
policy is from scratch and pretty specialised for me. I'm scared 
of the reference policy and frankly believe it's faster for me to 
write the things I need from scratch than to find out how to do 
this within the reference policy.

Of course I could use the reference policy as a base and write 
only my stuff for user separation under X from scratch. But here 
Ubuntu comes into play. I have to admit I haven't extensively 
tested SELinux under Ubuntu, but I did look quite old. And from 
what I read, AppArmor is the supported LSM under Ubuntu and one 
should not expect much support for SELinux.

I need something that is either maintained actively or can be 
maintained by myself with minimal effort. Neither applies to 
reference policy under Ubuntu. I wouldn't want to leave Ubuntu 
unless neccessary, so I'm writing from scratch.

Besides, I have some doubts about the underlying paradigm of a 
security policy that gets _that_ complicated. But that's nothing 
I really thought through so far.


Getting X11 with XSELinux was pretty easy actually. I just got 
the source package, changed 'debian/rules' replacing the 
'--disable-selinux' with '--enable-selinux' and build and 
installed the package. Did 'setsebool -P xserver_object_manager 
true' and XSELinux was good to go.

I then wrote a monolithic policy. I still use traditional linux 
users to separate the different contexts I work with (mail, 
browser, ...), like I have done for years. But instead of using 
the crappy trusted/untrusted-model of the old SECURITY extension, 
I separated the user contexts under X using SELinux.

So I specificly target only user contexts and only the X-portion 
of access vectors. I could send you this policy, but it's messy 
and probably useless to you.

I'm currently writing a new, modular policy targeting some system 
daemons and separating my user contexts by SELinux without the 
need for traditional linux users. I can tell you when it's done. 
But again, it will be pretty specialised for my needs.

Was there anything specific you wanted to know?

Ole

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 1371 bytes --]

On Mon, Jul 23, 2012 at 09:12:37AM -0500, Ted Toth wrote:
> FWIW we have a custom distro of RHEL 6 running MLS policy with X in
> enforcing however as you might imagine getting all of this working was
> non-trival. Because of schedule/budget/complexity we do not run GNOME
> but rather Openbox, fbpanel and idesk all of which we wrote policy
> for. Many apps (Firefox, OpenOffice) require policy tweeks with many
> of those due to our particular security requirements. We have dozens
> of custom X applications all of which require policy modules. Getting
> things like copy/paste to work under MLS is particularly challenging
> because of lack of visibility into what the X server (XACE) is doing.

I'm running X in enforcing too now with a simple setup. There is 
a domain for every job (browser, mail, ...). These domains can't 
access each other. The WM has access to all of them. Copy/paste 
works like a charm with every domain having its own cutbuffer and 
a small script called from the WM to copy the cutbuffer to other 
domains.

Of course I had to allow some things in X that I do not fully 
understand. But there is definitely no more sending synthetic 
input events to foreign windows and no more keylogging.

Do you know of any documentation that lists all things in the X 
protocol and their possible security implications? 

Ole

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Information about XSELinux

[Ted Toth]

On Thu, Jul 19, 2012 at 12:01 PM, Richard Haines
<richard_c_haines@btinternet.com> wrote:
> Because the XSELinux extension is now in xorg source this is where the bug is located. I think it is an isolated case as the Xi services had been extended to introduce device ids 0 & 1 that are not real device IDs, this caused XSELinux a problem as they do not have devPrivates which means no context can be applied - hence crash.
>
> When X is built, xorg do check for errors in XSELinux as they have fixed an selabel_open problem.
>
> Richard
>
> --- On Thu, 19/7/12, Ole Kliemann <ole@plastictree.net> wrote:
>
>> From: Ole Kliemann <ole@plastictree.net>
>> Subject: Re: Information about XSELinux
>> To: "Richard Haines" <richard_c_haines@btinternet.com>
>> Cc: selinux@tycho.nsa.gov
>> Date: Thursday, 19 July, 2012, 15:18
>> Thanks Richard, your X-setest tool is
>> quite helpful to understand
>> what's going on.
>>
>> Under Ubuntu I compiled the xserver-xorg package and
>> manually
>> enabled --enable-selinux. Now it's working here. (They are
>> at
>> 1.11.4). I'm now writing a simple policy from scratch to
>> extend
>> traditional linux user seperation to X.
>>
>> I have one question though: This bug that appears under
>> Fedora
>> and crashes the Xserver, is that a bug in the xorg sources
>> or
>> something that came with patches from Fedora?
>>
>> And how often have things like this happend in the past? I'm
>>
>> planing on using this on a production system and ask myself
>> how
>> careful I will have to be with updates to xorg in the
>> future.
>>
>> On Tue, Jul 17, 2012 at 03:22:46PM +0100, Richard Haines
>> wrote:
>> > I've attached some updated XSELinux information that
>> I've been working on for the next version of the SELinux
>> Notebook (old XSELinux stuff at: http://selinuxproject.org/page/NB_XWIN).
>> >
>> > The XSELinux module is in the X source and always
>> included with Fedora - I don't use other distributions so
>> don't know whether they enable it in their builds or not. If
>> they do build it, then you need the reference policy modules
>> and then enable the xserver boolean as follows:
>> >
>> >      setsebool xserver_object_manager true
>> >
>> > I'm not sure what the current development status is but
>> I've submitted a couple of patches (the last one for
>> xorg-x11-server-1.12.2 as it core dumps when XSELinux is
>> enabled with the above boolean).
>> >
>> > I've written a few apps to 'play with XSELinux' that
>> are mentioned in the text. Let me know if you would like the
>> source (tested on Fedora 16/17).
>> >
>> > I have not really done anything with the XSELinux
>> reference policy modules as they come with Fedora and seem
>> to work (well for my limited use anyway).
>> >
>> > Richard
>> >
>> > --- On Mon, 16/7/12, Ole Kliemann <ole@plastictree.net>
>> wrote:
>> >
>> > > From: Ole Kliemann <ole@plastictree.net>
>> > > Subject: Information about XSELinux
>> > > To: selinux@tycho.nsa.gov
>> > > Date: Monday, 16 July, 2012, 17:10
>> > > Hi everyone!
>> > >
>> > > I'm desperately trying to implement proper
>> privilege
>> > > seperation
>> > > while using X.
>> > >
>> > > Currently I'm looking into XSELinux but am having
>> a really
>> > > hard
>> > > time finding any information, documention etc.
>> > >
>> > > What's the development status?
>> > > Where can I get it?
>> > > Is it included in any major distributions?
>> (Currently using
>> > >
>> > > Ubuntu 12.04)
>> > >
>> > > Any hint on where to find information would be
>> highly
>> > > appreciated!
>> > >
>> > > Many thanks in advance and best regards,
>> > > Ole
>> > >
>>
>>
>>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

FWIW we have a custom distro of RHEL 6 running MLS policy with X in
enforcing however as you might imagine getting all of this working was
non-trival. Because of schedule/budget/complexity we do not run GNOME
but rather Openbox, fbpanel and idesk all of which we wrote policy
for. Many apps (Firefox, OpenOffice) require policy tweeks with many
of those due to our particular security requirements. We have dozens
of custom X applications all of which require policy modules. Getting
things like copy/paste to work under MLS is particularly challenging
because of lack of visibility into what the X server (XACE) is doing.

Ted


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Richard Haines]

Because the XSELinux extension is now in xorg source this is where the bug is located. I think it is an isolated case as the Xi services had been extended to introduce device ids 0 & 1 that are not real device IDs, this caused XSELinux a problem as they do not have devPrivates which means no context can be applied - hence crash.

When X is built, xorg do check for errors in XSELinux as they have fixed an selabel_open problem.

Richard

--- On Thu, 19/7/12, Ole Kliemann <ole@plastictree.net> wrote:

> From: Ole Kliemann <ole@plastictree.net>
> Subject: Re: Information about XSELinux
> To: "Richard Haines" <richard_c_haines@btinternet.com>
> Cc: selinux@tycho.nsa.gov
> Date: Thursday, 19 July, 2012, 15:18
> Thanks Richard, your X-setest tool is
> quite helpful to understand 
> what's going on.
> 
> Under Ubuntu I compiled the xserver-xorg package and
> manually 
> enabled --enable-selinux. Now it's working here. (They are
> at 
> 1.11.4). I'm now writing a simple policy from scratch to
> extend 
> traditional linux user seperation to X.
> 
> I have one question though: This bug that appears under
> Fedora 
> and crashes the Xserver, is that a bug in the xorg sources
> or 
> something that came with patches from Fedora?
> 
> And how often have things like this happend in the past? I'm
> 
> planing on using this on a production system and ask myself
> how 
> careful I will have to be with updates to xorg in the
> future.
> 
> On Tue, Jul 17, 2012 at 03:22:46PM +0100, Richard Haines
> wrote:
> > I've attached some updated XSELinux information that
> I've been working on for the next version of the SELinux
> Notebook (old XSELinux stuff at: http://selinuxproject.org/page/NB_XWIN).
> > 
> > The XSELinux module is in the X source and always
> included with Fedora - I don't use other distributions so
> don't know whether they enable it in their builds or not. If
> they do build it, then you need the reference policy modules
> and then enable the xserver boolean as follows:
> > 
> >      setsebool xserver_object_manager true
> > 
> > I'm not sure what the current development status is but
> I've submitted a couple of patches (the last one for
> xorg-x11-server-1.12.2 as it core dumps when XSELinux is
> enabled with the above boolean).
> > 
> > I've written a few apps to 'play with XSELinux' that
> are mentioned in the text. Let me know if you would like the
> source (tested on Fedora 16/17).
> > 
> > I have not really done anything with the XSELinux
> reference policy modules as they come with Fedora and seem
> to work (well for my limited use anyway).
> > 
> > Richard
> > 
> > --- On Mon, 16/7/12, Ole Kliemann <ole@plastictree.net>
> wrote:
> > 
> > > From: Ole Kliemann <ole@plastictree.net>
> > > Subject: Information about XSELinux
> > > To: selinux@tycho.nsa.gov
> > > Date: Monday, 16 July, 2012, 17:10
> > > Hi everyone!
> > > 
> > > I'm desperately trying to implement proper
> privilege
> > > seperation 
> > > while using X.
> > > 
> > > Currently I'm looking into XSELinux but am having
> a really
> > > hard 
> > > time finding any information, documention etc.
> > > 
> > > What's the development status?
> > > Where can I get it?
> > > Is it included in any major distributions?
> (Currently using
> > > 
> > > Ubuntu 12.04)
> > > 
> > > Any hint on where to find information would be
> highly 
> > > appreciated!
> > > 
> > > Many thanks in advance and best regards,
> > > Ole
> > >
> 
> 
> 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Information about XSELinux

[Ole Kliemann]

[-- Attachment #1: Type: text/plain, Size: 2612 bytes --]

Thanks Richard, your X-setest tool is quite helpful to understand 
what's going on.

Under Ubuntu I compiled the xserver-xorg package and manually 
enabled --enable-selinux. Now it's working here. (They are at 
1.11.4). I'm now writing a simple policy from scratch to extend 
traditional linux user seperation to X.

I have one question though: This bug that appears under Fedora 
and crashes the Xserver, is that a bug in the xorg sources or 
something that came with patches from Fedora?

And how often have things like this happend in the past? I'm 
planing on using this on a production system and ask myself how 
careful I will have to be with updates to xorg in the future.

On Tue, Jul 17, 2012 at 03:22:46PM +0100, Richard Haines wrote:
> I've attached some updated XSELinux information that I've been working on for the next version of the SELinux Notebook (old XSELinux stuff at: http://selinuxproject.org/page/NB_XWIN).
> 
> The XSELinux module is in the X source and always included with Fedora - I don't use other distributions so don't know whether they enable it in their builds or not. If they do build it, then you need the reference policy modules and then enable the xserver boolean as follows:
> 
>      setsebool xserver_object_manager true
> 
> I'm not sure what the current development status is but I've submitted a couple of patches (the last one for xorg-x11-server-1.12.2 as it core dumps when XSELinux is enabled with the above boolean).
> 
> I've written a few apps to 'play with XSELinux' that are mentioned in the text. Let me know if you would like the source (tested on Fedora 16/17).
> 
> I have not really done anything with the XSELinux reference policy modules as they come with Fedora and seem to work (well for my limited use anyway).
> 
> Richard
> 
> --- On Mon, 16/7/12, Ole Kliemann <ole@plastictree.net> wrote:
> 
> > From: Ole Kliemann <ole@plastictree.net>
> > Subject: Information about XSELinux
> > To: selinux@tycho.nsa.gov
> > Date: Monday, 16 July, 2012, 17:10
> > Hi everyone!
> > 
> > I'm desperately trying to implement proper privilege
> > seperation 
> > while using X.
> > 
> > Currently I'm looking into XSELinux but am having a really
> > hard 
> > time finding any information, documention etc.
> > 
> > What's the development status?
> > Where can I get it?
> > Is it included in any major distributions? (Currently using
> > 
> > Ubuntu 12.04)
> > 
> > Any hint on where to find information would be highly 
> > appreciated!
> > 
> > Many thanks in advance and best regards,
> > Ole
> >



[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]