SELinux Mailing List

Re: Sugg. for SELinux enabled Interpreters

From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 23 Apr 2005 07:41:34 +1000


On Tuesday 25 January 2005 07:05, Jochen Schmitt <Jochen@herr-schmitt.de> wrote:
> Hello,
>
> I have bought a book about SELinux from O'Reilly. In this book it
> was discussed that some applications, like KDE, have issues with
> SELinux.
>
> On KDE the problem is the kdeinit process, which causes
> SELinux to be unable to distinguish the different programs started by
> kdeinit.

Below is a message from Luke about this matter. In this example reconfiguring KDE is the better option. I've pasted the message because I have no net access at the moment and can't look up a URL.

We should get some bugs filed against kdeinit in all the distributions to make this an option that the administrator can configure permanently for the entire system. Also Fedora, RHEL, and any other distribution which gets SE Linux as the default install option should probably default to this.

 Subject: kdeinit
 Date: 2004-07-25 23:01
 From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
 To: SE-Linux <selinux@tycho.nsa.gov>

as you've seen, i sent a message to the kde-devel list, stephan kindly responded by saying that it's possible to disable kdeinit by defining KDE_IS_PRELINKED.

i've modified startkde (possibly not the smartest thing to do) to have this at the top:

        #!/bin/sh
        #
        #  DEFAULT KDE STARTUP SCRIPT ( KDE-3.2 )
        #

        KDE_IS_PRELINKED=1
        export KDE_IS_PRELINKED

and voila, it appears that i end up saving about 30mbyte of virtual memory - something that _could_ save a lot of time on a system that is pushed for physical ram.

so it's a trade-off between saving some virtual memory and saving some speed in the library pre-loading.

... but the important thing is that as far as SE/Linux is concerned it IS possible to remove kdeinit from the loop, and therefore it IS possible to write selinux policy files without kdeinit getting in the way.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Received on Fri 22 Apr 2005 - 19:26:04 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service