[DSE-Dev] Bug#1070039: there's an unused module for window managers
Sarah M
sarah.m07899 at gmail.com
Sat Nov 1 15:47:39 GMT 2025
On my system gnome-shell is getting launched as unconfined_t, but
inspecting the default policy source shows that theres already a window
manager module (wm.te, wm.fc, wm.if):
https://sources.debian.org/src/refpolicy/2%3A2.20250213-11/policy/modules/apps/wm.te
which does give the execmem permission among other things, but only for
wm_domain.
The problem then is that gnome-shell is being launched as unconfined
instead of wm_domain.
My selinux is rusty but if I fix it I will post a solution. Then we don't
have to allow execmem for everything.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/selinux-devel/attachments/20251101/408f5851/attachment.htm>
More information about the SELinux-devel
mailing list