modifying the Xephyr window title (patch)
 

Hi,

If most of your windows are sandboxed applications, your bar looks like:

[Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]

and it is hard to find a specific application.

example of a current Xephyr title:
Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox

with the modification in the attached patch titles will look like:

/usr/bin/firefox (sandbox_web_t)

and it should be easier to find a specific application.
In addition to the type I would find it handy to also include the
DISPLAY in the title (needed when using xsel for copy'n paste).

The second patch only adds '-nolisten tcp' to Xephyr, but if there are
use cases where one needs Xephyr to open a listener this patch will
break thinks.

regards,
Christoph A.
btw: secon's manpage doesn't contain the '-l' option.

7c7
< (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
---
> (/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
2,3c2,3
< context=`id -Z | secon -t -l -P`
< export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
---
> context=`id -Z|secon -t`
> export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)"
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/21/2011 08:01 AM, Christoph A. wrote:
> Hi,
>
> If most of your windows are sandboxed applications, your bar looks like:
>
> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>
> and it is hard to find a specific application.
>
> example of a current Xephyr title:
> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>
> with the modification in the attached patch titles will look like:
>
> /usr/bin/firefox (sandbox_web_t)
>
> and it should be easier to find a specific application.
> In addition to the type I would find it handy to also include the
> DISPLAY in the title (needed when using xsel for copy'n paste).
>
Thanks, I like this a lot. I do know if there is a way to change the
label from within Xephyr, since we don not know the DISPLAY at the time
we are setting the label.

F16 will have this change, and I will begin back porting to F14,F15, and
probably RHEL.
> The second patch only adds '-nolisten tcp' to Xephyr, but if there are
> use cases where one needs Xephyr to open a listener this patch will
> break thinks.
>
I am adding this also, since it is more secure. I do not know of
anything that will break.

> regards,
> Christoph A.
> btw: secon's manpage doesn't contain the '-l' option.
>
>
>
Turns out this has been deprecated anyways. -m or -s should have been
used.

Thanks for the patches.

Applied in policycoreutils-2.0.86-6.fc16
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2xYWEACgkQrlYvE4MpobPl1gCfQT8bBUJwAe zBaZ2H4JC9mj1x
L04An3XMLyAtJvHrlFh2cRvOZvO7pJTC
=6q//
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Hi,
>> >
>> > If most of your windows are sandboxed applications, your bar looks like:
>> >
>> > [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>> >
>> > and it is hard to find a specific application.
>> >
>> > example of a current Xephyr title:
>> > Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>> >
>> > with the modification in the attached patch titles will look like:
>> >
>> > /usr/bin/firefox (sandbox_web_t)
>> >
>> > and it should be easier to find a specific application.
>> > In addition to the type I would find it handy to also include the
>> > DISPLAY in the title (needed when using xsel for copy'n paste).
>> >
> Thanks, I like this a lot.

Thanks for accepting these little patches.

The attached patch changes the window title a little more to display the
program name instead of the full path to the executable.

old:
/usr/bin/firefox (sandbox_web_t)
/usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)


after applying the patch titles look like the following:
firefox (sandbox_web_t)
evince (sandbox_x_t)


> I do know if there is a way to change the
> label from within Xephyr, since we don not know the DISPLAY at the time
> we are setting the label.

I played a bit with 'xprop'. I was able to modify the title from outside
the sandbox but not from within. I think it is not possible to change it
from within the sandbox because the title is a property from the main X
(running at :0 ).

kind regards,
Christoph A.
249c249
< """ % (command, wm, command))
---
> """ % (command.split()[0].split('/')[-1], wm, command))
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>>>
>>>> If most of your windows are sandboxed applications, your bar looks like:
>>>>
>>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>>>
>>>> and it is hard to find a specific application.
>>>>
>>>> example of a current Xephyr title:
>>>> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>>>
>>>> with the modification in the attached patch titles will look like:
>>>>
>>>> /usr/bin/firefox (sandbox_web_t)
>>>>
>>>> and it should be easier to find a specific application.
>>>> In addition to the type I would find it handy to also include the
>>>> DISPLAY in the title (needed when using xsel for copy'n paste).
>>>>
>> Thanks, I like this a lot.
>
> Thanks for accepting these little patches.
>
> The attached patch changes the window title a little more to display the
> program name instead of the full path to the executable.
>
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
>
>
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)
>

Any way to change the icon associated with Xephyr. It would be cool to
show firefox or evince icon rather then the xephyr icon when run within
a sandbox?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3RdeIACgkQrlYvE4MpobO/wACgvESCxZA4tu3tWhWNxrni/k8v
dFYAmQHFdm1BCaHxr2BZlmbuAwCZl3af
=ymCs
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>>>
>>>> If most of your windows are sandboxed applications, your bar looks like:
>>>>
>>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>>>
>>>> and it is hard to find a specific application.
>>>>
>>>> example of a current Xephyr title:
>>>> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>>>
>>>> with the modification in the attached patch titles will look like:
>>>>
>>>> /usr/bin/firefox (sandbox_web_t)
>>>>
>>>> and it should be easier to find a specific application.
>>>> In addition to the type I would find it handy to also include the
>>>> DISPLAY in the title (needed when using xsel for copy'n paste).
>>>>
>> Thanks, I like this a lot.
>
> Thanks for accepting these little patches.
>
> The attached patch changes the window title a little more to display the
> program name instead of the full path to the executable.
>
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
>
>
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)
>
>
>> I do know if there is a way to change the
>> label from within Xephyr, since we don not know the DISPLAY at the time
>> we are setting the label.
>
> I played a bit with 'xprop'. I was able to modify the title from outside
> the sandbox but not from within. I think it is not possible to change it
> from within the sandbox because the title is a property from the main X
> (running at :0 ).
>
> kind regards,
> Christoph A.
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
THat looks good, but I think we need to limit the size of the command
Since it might be longer then the title bar.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3SIAYACgkQrlYvE4MpobMD0ACgrV+AYl5sf8 I+H6Tv7Xgy0p4X
N7wAoLri3i1TRBP0a0Rq5qlZYUPXanEr
=QJcU
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
> Thanks, I like this a lot. I do know if there is a way to change the
> label from within Xephyr, since we don not know the DISPLAY at the time
> we are setting the label.
>
> F16 will have this change, and I will begin back porting to F14,F15, and
> probably RHEL.

Hi Dan,

any expectations when we are going to see these changes in F14?
Or should I apply the changes manually for the moment?

thanks,
Christoph

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
> THat looks good, but I think we need to limit the size of the command
> Since it might be longer then the title bar.

Do you want to calculate the length limit of the command (screen
resolution?) or is a hard coded value ok?

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/26/2011 09:10 PM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Thanks, I like this a lot. I do know if there is a way to change the
>> label from within Xephyr, since we don not know the DISPLAY at the time
>> we are setting the label.
>>
>> F16 will have this change, and I will begin back porting to F14,F15, and
>> probably RHEL.
>
> Hi Dan,
>
> any expectations when we are going to see these changes in F14?
> Or should I apply the changes manually for the moment?
>
> thanks,
> Christoph
>
I would manually make the changes for now. Although I will kick off a
back port of policycoreutils today.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3k+xcACgkQrlYvE4MpobOxbACfdT71WZvzIE JN7E8hknINjzHR
gvIAn3KLV6ce0vqKfIZH9eu/hjVBebGK
=Ws1P
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/26/2011 09:16 PM, Christoph A. wrote:
> On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
>> THat looks good, but I think we need to limit the size of the command
>> Since it might be longer then the title bar.
>
> Do you want to calculate the length limit of the command (screen
> resolution?) or is a hard coded value ok?
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would just hard code some thing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3k+ykACgkQrlYvE4MpobM4/wCdEP1232KJq6e0NPQSIBLc5bIF
NzMAnieHMf+c4kCQPs/ki2EmtdohhF7m
=Sj1K
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

modifying the Xephyr window title (patch)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

>> The second patch only adds '-nolisten tcp' to Xephyr, but if
>> there are
>>> use cases where one needs Xephyr to open a listener this patch
>>> will break thinks.
>>>
> I am adding this also, since it is more secure. I do not know of
> anything that will break.


Looks like in F17 the '-nolisten tcp' options was removed:
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi
$DPI -displayfd 5 5>&1 2>/dev/null)

was there a specific reason for this?

-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk/lx3AACgkQrq+riTAIEg1CjgCeL1BS2fGPoELuM2pnTNl47IK3
eukAniPqZpbd58/fP8fJsFmixJvv/fvs
=hz+/
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux