Hi Eric,
First and foremost, I would use RHEL 6.4 because their has been some important MLS policy
improvements since 6.2, but even then, run level 5 multi-level logins don't yet really
work.
If you're familiar with Trusted Solaris / Trusted Extensions, multilevel GUIs are
quite complex and SELinux isn't quite there yet. That being said, I'm happy to see
someone else interested in this area.
Let me know if you're really interested and I can send you more details with what I
have "working" thus far.
Cheers,
Doug
From: <Anschuetz>, "<Eric R CTR NAWCTSD>", "4.6.2"
<eric.r.anschuetz.ctr@navy.mil<mailto:eric.r.anschuetz.ctr@navy.mil>>
Date: Thursday, 13 June 2013 11:02 PM
To:
"selinux@lists.fedoraproject.org<mailto:selinux@lists.fedoraproject.org>"
<selinux@lists.fedoraproject.org<mailto:selinux@lists.fedoraproject.org>>
Subject: GNOME Running with MLS
Hey all,
For the past week or so I've been attempting to get MLS running with a graphical
environment on RHEL 6.2, but I can't seem to figure out how a user with an elevated
level (say, a user running at level s2) can log in graphically. Users running at level s0
work fine. I've tried giving gnome and X binaries in /usr/bin s0-s15 privileges, but
still immediately get booted out after attempting to login. Even if I'm in permissive
mode and login, running setenforce 1 will immediately log me out and prevent me from
logging back in.
I guess in short I'm wondering--does anyone have any tips for running a desktop
environment with MLS?
Thanks!
Eric