Re: GNOME Running with MLS

Hi Eric, First and foremost, I would use RHEL 6.4 because their has been some important MLS policy improvements since 6.2, but even then, run level 5 multi-level logins don't yet really work. If you're familiar with Trusted Solaris / Trusted Extensions, multilevel GUIs are quite complex and SELinux isn't quite there yet. That being said, I'm happy to see someone else interested in this area. Let me know if you're really interested and I can send you more details with what I have "working" thus far. Cheers, Doug From: <Anschuetz>, "<Eric R CTR NAWCTSD>", "4.6.2" <eric.r.anschuetz.ctr@navy.mil<mailto:eric.r.anschuetz.ctr@navy.mil>> Date: Thursday, 13 June 2013 11:02 PM To: "selinux@lists.fedoraproject.org<mailto:selinux@lists.fedoraproject.org>" <selinux@lists.fedoraproject.org<mailto:selinux@lists.fedoraproject.org>> Subject: GNOME Running with MLS Hey all, For the past week or so I've been attempting to get MLS running with a graphical environment on RHEL 6.2, but I can't seem to figure out how a user with an elevated level (say, a user running at level s2) can log in graphically. Users running at level s0 work fine. I've tried giving gnome and X binaries in /usr/bin s0-s15 privileges, but still immediately get booted out after attempting to login. Even if I'm in permissive mode and login, running setenforce 1 will immediately log me out and prevent me from logging back in. I guess in short I'm wondering--does anyone have any tips for running a desktop environment with MLS? Thanks! Eric