SELinux with omarine policy: Gnome terminal: Fixing the security context


(1 comment)

Gnome terminal is GNOME terminal emulator. It works based on Gnome terminal server using dbus. By default, the bus is the system bus, so if you are currently using seuser user_u with the complete context as user_u:user_r:user_t:SystemLow(s0), you will see the Gnome terminal server running in init_t domain with complete context as follows:

And the current process is in the context system_u:system_r:sysadm_t:SystemLow. Therefore, the terminal process is not the same context for the seuser. That is not desirable. In particular, system_u is never mapped to any Linux user.

Fixing the security context

To fix above, the bus must be the session bus. You need to modify the /usr/share/xsessions/gnome.desktop file, replacing the gnome-session command with the dbus-launch --exit-with-session gnome-session command at the Exec line:

sudo sed -i '/^Exec/c Exec=dbus-launch --exit-with-session gnome-session' \
/usr/share/xsessions/gnome.desktop


Context is now correct:

Have fun!

Currently unrated

Comments

Collin 1 year, 1 month ago

But iif convenience 's what you would like then this may be the means for you.

The installation service is more expensive than performing it
yourself but worthwhile all in the long run. It a very good idea your old carpet
ought to be vacuum cleaned in order that dusts might be eliminated before it's removed. https://www.ishaah.com/flooring-contractors-near-me-san-francisco-ca

Link | Reply
Currently unrated

New Comment

required

required (not published)

optional

required


What is 3 × 9?

required