Hi,
If most of your windows are sandboxed applications, your bar looks like:
[Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
and it is hard to find a specific application.
example of a current Xephyr title: Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
with the modification in the attached patch titles will look like:
/usr/bin/firefox (sandbox_web_t)
and it should be easier to find a specific application. In addition to the type I would find it handy to also include the DISPLAY in the title (needed when using xsel for copy'n paste).
The second patch only adds '-nolisten tcp' to Xephyr, but if there are use cases where one needs Xephyr to open a listener this patch will break things.
regards, Christoph A.
btw: secon's manpage doesn't contain the '-l' option.
On 04/21/2011 08:01 AM, Christoph A. wrote:
> Hi,
> If most of your windows are sandboxed applications, your bar looks like:
> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
> and it is hard to find a specific application.
> example of a current Xephyr title: Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
> with the modification in the attached patch titles will look like:
> /usr/bin/firefox (sandbox_web_t)
> and it should be easier to find a specific application. In addition to the type I would find it handy to also include the DISPLAY in the title (needed when using xsel for copy'n paste).

Thanks, I like this a lot. I do know if there is a way to change the label from within Xephyr, since we do not know the DISPLAY at the time we are setting the label.
F16 will have this change, and I will begin back porting to F14, F15, and probably RHEL.

> The second patch only adds '-nolisten tcp' to Xephyr, but if there are use cases where one needs Xephyr to open a listener this patch will break things.

I am adding this also, since it is more secure. I do not know of anything that will break.

> regards, Christoph A.
> btw: secon's manpage doesn't contain the '-l' option.

Turns out this has been deprecated anyways. -m or -s should have been used.
Thanks for the patches.
Applied in policycoreutils-2.0.86-6.fc16
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Hi,
>> If most of your windows are sandboxed applications, your bar looks like:
>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>> and it is hard to find a specific application.
>> example of a current Xephyr title: Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>> with the modification in the attached patch titles will look like:
>> /usr/bin/firefox (sandbox_web_t)
>> and it should be easier to find a specific application. In addition to the type I would find it handy to also include the DISPLAY in the title (needed when using xsel for copy'n paste).
> Thanks, I like this a lot.

Thanks for accepting these little patches.
The attached patch changes the window title a little more to display the program name instead of the full path to the executable.
old:
/usr/bin/firefox (sandbox_web_t)
/usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
after applying the patch titles look like the following:
firefox (sandbox_web_t)
evince (sandbox_x_t)

> I do know if there is a way to change the label from within Xephyr, since we do not know the DISPLAY at the time we are setting the label.

I played a bit with 'xprop'. I was able to modify the title from outside the sandbox but not from within. I think it is not possible to change it from within the sandbox because the title is a property from the main X (running at :0 ).
kind regards, Christoph A.
On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>> If most of your windows are sandboxed applications, your bar looks like:
>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>> and it is hard to find a specific application.
>>> example of a current Xephyr title: Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>> with the modification in the attached patch titles will look like:
>>> /usr/bin/firefox (sandbox_web_t)
>>> and it should be easier to find a specific application. In addition to the type I would find it handy to also include the DISPLAY in the title (needed when using xsel for copy'n paste).
>> Thanks, I like this a lot.
> Thanks for accepting these little patches.
> The attached patch changes the window title a little more to display the program name instead of the full path to the executable.
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)
>> I do know if there is a way to change the label from within Xephyr, since we do not know the DISPLAY at the time we are setting the label.
> I played a bit with 'xprop'. I was able to modify the title from outside the sandbox but not from within. I think it is not possible to change it from within the sandbox because the title is a property from the main X (running at :0 ).
> kind regards, Christoph A.
That looks good, but I think we need to limit the size of the command, since it might be longer than the title bar.
On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
> That looks good, but I think we need to limit the size of the command, since it might be longer than the title bar.
Do you want to calculate the length limit of the command (screen resolution?) or is a hard coded value ok?
On 05/26/2011 09:16 PM, Christoph A. wrote:
> On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
>> That looks good, but I think we need to limit the size of the command, since it might be longer than the title bar.
> Do you want to calculate the length limit of the command (screen resolution?) or is a hard coded value ok?
I would just hard code something.
On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>> If most of your windows are sandboxed applications, your bar looks like:
>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>> and it is hard to find a specific application.
>>> example of a current Xephyr title: Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>> with the modification in the attached patch titles will look like:
>>> /usr/bin/firefox (sandbox_web_t)
>>> and it should be easier to find a specific application. In addition to the type I would find it handy to also include the DISPLAY in the title (needed when using xsel for copy'n paste).
>> Thanks, I like this a lot.
> Thanks for accepting these little patches.
> The attached patch changes the window title a little more to display the program name instead of the full path to the executable.
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)

Any way to change the icon associated with Xephyr. It would be cool to show firefox or evince icon rather than the xephyr icon when run within a sandbox?
On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
> Thanks, I like this a lot. I do know if there is a way to change the label from within Xephyr, since we do not know the DISPLAY at the time we are setting the label.
> F16 will have this change, and I will begin back porting to F14, F15, and probably RHEL.
Hi Dan,
any expectations when we are going to see these changes in F14? Or should I apply the changes manually for the moment?
thanks, Christoph
On 05/26/2011 09:10 PM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Thanks, I like this a lot. I do know if there is a way to change the label from within Xephyr, since we do not know the DISPLAY at the time we are setting the label.
>> F16 will have this change, and I will begin back porting to F14, F15, and probably RHEL.
> Hi Dan,
> any expectations when we are going to see these changes in F14? Or should I apply the changes manually for the moment?
> thanks, Christoph
I would manually make the changes for now. Although I will kick off a back port of policycoreutils today.
>> The second patch only adds '-nolisten tcp' to Xephyr, but if there are
>> use cases where one needs Xephyr to open a listener this patch will break things.
> I am adding this also, since it is more secure. I do not know of anything that will break.

Looks like in F17 the '-nolisten tcp' option was removed: (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null)
was there a specific reason for this?
On 06/23/2012 09:41 AM, Christoph A. wrote:
>>> The second patch only adds '-nolisten tcp' to Xephyr, but if there are
>>> use cases where one needs Xephyr to open a listener this patch will break things.
>> I am adding this also, since it is more secure. I do not know of anything that will break.
> Looks like in F17 the '-nolisten tcp' option was removed: (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null)
> was there a specific reason for this?
I don't remember adding this and it is not in F16 either. If it works, it probably is a good idea to add it.
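
The title format agreed on in this thread (program name, SELinux type, hard-coded length limit) and a check that a Xephyr argument list still carries '-nolisten tcp', as an added example that is not part of the original messages or of the policycoreutils code. The names `sandbox_title`, `has_nolisten_tcp` and `TITLE_MAX`, the limit of 40, the evince label and the screen and DPI values are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not the policycoreutils sandbox code.
TITLE_MAX=40   # hypothetical hard-coded limit for the program-name part

# sandbox_title LABEL COMMAND [ARGS...]
# LABEL is the "type:level" string shown in the old title, e.g.
# sandbox_web_t:s0:c112,c991. Prints "program (type)".
sandbox_title() {
    label=$1; shift
    setype=${label%%:*}        # text before the first ':' is the type
    prog=${1##*/}              # program name only; path and arguments dropped
    # Keep the title a single printable line.
    prog=$(printf '%s' "$prog" | tr -d '[:cntrl:]')
    if [ "${#prog}" -gt "$TITLE_MAX" ]; then
        prog=$(printf '%s' "$prog" | cut -c1-"$((TITLE_MAX - 2))")..
    fi
    printf '%s (%s)\n' "$prog" "$setype"
}

# has_nolisten_tcp ARGS...
# Succeeds only when "-nolisten" is directly followed by "tcp".
has_nolisten_tcp() {
    prev=
    for arg in "$@"; do
        if [ "$prev" = "-nolisten" ] && [ "$arg" = "tcp" ]; then
            return 0
        fi
        prev=$arg
    done
    return 1
}

# Constructed samples: the two programs named in the thread (the evince
# label is made up) and an argument list shaped like the quoted F17 line.
sandbox_title 'sandbox_web_t:s0:c112,c991' /usr/bin/firefox
sandbox_title 'sandbox_x_t:s0:c1,c2' /usr/bin/evince /tmp/foobar.pdf
if ! has_nolisten_tcp -title "firefox (sandbox_web_t)" -terminate \
        -screen 1000x700 -dpi 96 -displayfd 5; then
    echo "warning: Xephyr argument list lacks '-nolisten tcp'" >&2
fi
```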