On Mon, 2006-10-09 at 21:57 -0400, Gene Czarcinski wrote:
On Monday 09 October 2006 21:22, Joshua Brindle wrote:
> Gene Czarcinski wrote:
> > On Monday 09 October 2006 10:05, Christopher J. PeBenito wrote:
> >
> >
> >>> I assume that strict mode should be capable of running X ... true or
> >>> false?
> >>>
> >>
> >> Strictly speaking (no pun intended) yes, since it does have the xserver
> >> module. In reality, it probably still has issues since very few desktop
> >> users want a strict policy, so it is untested.
> >>
> >
> > While a server may not have a good display directly attached, it would be
> > useful to run X remotely since some of the system configuration tools are
> > gui only ... for example, selinux.
> >
>
> running X apps that are exported to a remote machine isn't the same
> thing as running an Xserver on the local machine.
Yes, but I was told not to install X (it was not supported). If it is "only"
the running of Xserver that is not supported with strict or mls policies,
then I can live with that. However, running Xserver will need to be
supported to be competitive with TSOL.
I believe that you are confusing "supported" w.r.t. Red Hat and
"supported" w.r.t. SELinux itself. I believe Red Hat only supports the
strict policy on RHEL and only with a support contract. I'm guessing it
will probably be same for the MLS/LSPP policy.
As for SELinux in general, X servers can work on the strict policy, it
just hasn't had much testing with the 2.* (reference policy-based)
policies.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150