sandbox in X11 root window on RHEL6
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 9 20:51:19 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/09/2010 03:45 PM, Luc de Louw wrote:
> Dear all,
>
> I'm involved in a project which involves some hardened Linux clients. I
> plan to realize them with RHEL6 desktops.
>
> Recently I stumbled upon Dan Walsh's SELinux sandbox, which looks to fit
> and surpasses the security requirements and it is part of RHEL6.
>
> The goal is to run exactly one application in the X11 root window w/o
> authentication, this is done by the application.
>
> So, not gdm, kdm, xdm should run, no gnome-,kde- whatever-desktops apps
> and panels should be visible/accessible.
>
> Any hints on this?
>
> TIA for any advice,
>
> Luc
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
I think you just want to make your app the DISPLAYMANAGER.
Look at /etc/sysconfig/desktop and /etc/X11/prefdm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzZtEcACgkQrlYvE4MpobM5hQCguHcfdZepqBSMXdqydVe9gHql
fVsAn15Swn/87qLWqPsY/c3TTiiKVWuX
=EA13
-----END PGP SIGNATURE-----
More information about the selinux
mailing list