Scriptum
5th July 2011, 02:44 PM
I'm using the MLS policy in the operating system Red Hat 6.0. I successfully installed MLS policy (selinux-policy-mls), the operating system boots properly in enforcing mode with MLS. However usind GUI (Gnome) with MLS has following problems:
- user "test" has the access levels s0-s3 (granted by admin). But user "test" can't change his level of access from s0 to s1 using the command "newrole" in gnome-terminal even if I add this terminal into securetty config.
- it's possible to boot system in permissive mode, open the terminal in Gnome and by command "newrole -l s1-s1" chande user's level (in this terminal session). But when I change SELinux mode to enforcing, user with s1 level can't run any GUI application: MLS policy prevent acess to X Server (so application can't find X Server) because X server has mls-level s0.
How to avoid these limitations: I want to use MLS policy and be able to change security levels in Gnome desktop environment.
- user "test" has the access levels s0-s3 (granted by admin). But user "test" can't change his level of access from s0 to s1 using the command "newrole" in gnome-terminal even if I add this terminal into securetty config.
- it's possible to boot system in permissive mode, open the terminal in Gnome and by command "newrole -l s1-s1" chande user's level (in this terminal session). But when I change SELinux mode to enforcing, user with s1 level can't run any GUI application: MLS policy prevent acess to X Server (so application can't find X Server) because X server has mls-level s0.
How to avoid these limitations: I want to use MLS policy and be able to change security levels in Gnome desktop environment.
