Bug#274197: under selinux there's access to log files by users which are created by kdm
please could the same be done to kdm as has been done to gdm, namely
that when a user session is started, a different log file is used for
the user session from the one that is created by kdm?
the reason is because in order to allow access to the
kdm-created-log-file, far too many permissions must be granted to users.
namely, the permission to write to ANY files created by kdm must be
granted, for a start.
On Wed, 2004-09-29 at 18:32 +0200, Thomas Bleher wrote:
> I have a question about access to xdm_t:
> With KDM 3.3 I am seeing a lot of accesses to xdm_t:fd and
> xdm_t:fifo_file from user processes (say user_lpr_t and user_gpg_t)
For Fedora we modified GDM to log the X session errors to
/tmp/xses-$USER.$RANDOM, you could probably do something similar with
> Should these be allowed?
> If yes, should xdm_t get the attribute privfd?
I think it'd be better to move the X errors to /tmp. It's more
NFS-homedir friendly anyways.
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to firstname.lastname@example.org with
the words "unsubscribe selinux" without quotes as the message.
-- System Information:
Debian Release: testing/unstable
Kernel: Linux highfield 2.6.7-selinux1 #7 Wed Sep 8 17:46:33 BST 2004 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages kdm depends on:
ii debconf 1.4.25 Debian configuration management sy
ii kdebase-bin 4:3.3.0-1.1 KDE Base (binaries)
ii kdelibs4 4:3.3.0-1.1 KDE core libraries
ii libart-2.0-2 2.3.16-5 Library of functions for 2D graphi
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libfam0c102 2.7.0-5 client library to control the FAM
ii libgcc1 1:3.5-0pre1 GCC support library
ii libice6 4.3.0.dfsg.1-6 Inter-Client Exchange library
ii libidn11 0.5.2-2 GNU libidn library, implementation
ii libncurses5 5.4-3 Shared libraries for terminal hand
ii libpam-runtime 0.77-0.se5 Runtime support for the PAM librar
ii libpam0g 0.77-0.se5 Pluggable Authentication Modules l
ii libpng12-0 220.127.116.11-6 PNG library - runtime
ii libqt3c102-mt 3:3.3.3-4 Qt GUI Library (Threaded runtime v
ii libselinux1 1.16-0.1 SELinux shared libraries
ii libsm6 4.3.0.dfsg.1-6 X Window System Session Management
ii libstdc++5 1:3.3.4-11 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-6 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-6 X Window System miscellaneous exte
ii libxrender1 0.8.3-5 X Rendering Extension client libra
ii libxtst6 4.3.0-5 X Window System event recording an
ii xbase-clients 4.3.0-5 miscellaneous X clients
ii xlibs 4.3.0.dfsg.1-6 X Window System client libraries m
ii zlib1g 1:1.2.1-3 compression library - runtime
-- debconf information excluded