example of a current Xephyr title:
Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
with the modification in the attached patch titles will look like:
/usr/bin/firefox (sandbox_web_t)
and it should be easier to find a specific application.
In addition to the type I would find it handy to also include the
DISPLAY in the title (needed when using xsel for copy'n paste).
The second patch only adds '-nolisten tcp' to Xephyr, but if there are
use cases where one needs Xephyr to open a listener this patch will
break thinks.
regards,
Christoph A.
btw: secon's manpage doesn't contain the '-l' option.
On 04/21/2011 08:01 AM, Christoph A. wrote:
> Hi,
>
> If most of your windows are sandboxed applications, your bar looks like:
>
> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>
> and it is hard to find a specific application.
>
> example of a current Xephyr title:
> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>
> with the modification in the attached patch titles will look like:
>
> /usr/bin/firefox (sandbox_web_t)
>
> and it should be easier to find a specific application.
> In addition to the type I would find it handy to also include the
> DISPLAY in the title (needed when using xsel for copy'n paste).
>
Thanks, I like this a lot. I do know if there is a way to change the
label from within Xephyr, since we don not know the DISPLAY at the time
we are setting the label.
F16 will have this change, and I will begin back porting to F14,F15, and
probably RHEL.
> The second patch only adds '-nolisten tcp' to Xephyr, but if there are
> use cases where one needs Xephyr to open a listener this patch will
> break thinks.
>
I am adding this also, since it is more secure. I do not know of
anything that will break.
> regards,
> Christoph A.
> btw: secon's manpage doesn't contain the '-l' option.
>
>
>
Turns out this has been deprecated anyways. -m or -s should have been
used.
Thanks for the patches.
Applied in policycoreutils-2.0.86-6.fc16
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Hi,
>> >
>> > If most of your windows are sandboxed applications, your bar looks like:
>> >
>> > [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>> >
>> > and it is hard to find a specific application.
>> >
>> > example of a current Xephyr title:
>> > Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>> >
>> > with the modification in the attached patch titles will look like:
>> >
>> > /usr/bin/firefox (sandbox_web_t)
>> >
>> > and it should be easier to find a specific application.
>> > In addition to the type I would find it handy to also include the
>> > DISPLAY in the title (needed when using xsel for copy'n paste).
>> >
> Thanks, I like this a lot.
Thanks for accepting these little patches.
The attached patch changes the window title a little more to display the
program name instead of the full path to the executable.
after applying the patch titles look like the following:
firefox (sandbox_web_t)
evince (sandbox_x_t)
> I do know if there is a way to change the
> label from within Xephyr, since we don not know the DISPLAY at the time
> we are setting the label.
I played a bit with 'xprop'. I was able to modify the title from outside
the sandbox but not from within. I think it is not possible to change it
from within the sandbox because the title is a property from the main X
(running at :0 ).
kind regards,
Christoph A.
249c249
< """ % (command, wm, command))
---
> """ % (command.split()[0].split('/')[-1], wm, command))
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
05-16-2011, 07:07 PM
Daniel J Walsh
modifying the Xephyr window title (patch)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>>>
>>>> If most of your windows are sandboxed applications, your bar looks like:
>>>>
>>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>>>
>>>> and it is hard to find a specific application.
>>>>
>>>> example of a current Xephyr title:
>>>> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>>>
>>>> with the modification in the attached patch titles will look like:
>>>>
>>>> /usr/bin/firefox (sandbox_web_t)
>>>>
>>>> and it should be easier to find a specific application.
>>>> In addition to the type I would find it handy to also include the
>>>> DISPLAY in the title (needed when using xsel for copy'n paste).
>>>>
>> Thanks, I like this a lot.
>
> Thanks for accepting these little patches.
>
> The attached patch changes the window title a little more to display the
> program name instead of the full path to the executable.
>
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
>
>
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)
>
Any way to change the icon associated with Xephyr. It would be cool to
show firefox or evince icon rather then the xephyr icon when run within
a sandbox?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
On 05/16/2011 12:26 AM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>>> Hi,
>>>>
>>>> If most of your windows are sandboxed applications, your bar looks like:
>>>>
>>>> [Sandbox sandbo..] [Sandbox sandbo..] [Sandbox sandbo..]
>>>>
>>>> and it is hard to find a specific application.
>>>>
>>>> example of a current Xephyr title:
>>>> Sandbox sandbox_web_t:s0:c112,c991 -- /usr/bin/firefox
>>>>
>>>> with the modification in the attached patch titles will look like:
>>>>
>>>> /usr/bin/firefox (sandbox_web_t)
>>>>
>>>> and it should be easier to find a specific application.
>>>> In addition to the type I would find it handy to also include the
>>>> DISPLAY in the title (needed when using xsel for copy'n paste).
>>>>
>> Thanks, I like this a lot.
>
> Thanks for accepting these little patches.
>
> The attached patch changes the window title a little more to display the
> program name instead of the full path to the executable.
>
> old:
> /usr/bin/firefox (sandbox_web_t)
> /usr/bin/evince '/tmp/foobar.pdf' (sandbox_x_t)
>
>
> after applying the patch titles look like the following:
> firefox (sandbox_web_t)
> evince (sandbox_x_t)
>
>
>> I do know if there is a way to change the
>> label from within Xephyr, since we don not know the DISPLAY at the time
>> we are setting the label.
>
> I played a bit with 'xprop'. I was able to modify the title from outside
> the sandbox but not from within. I think it is not possible to change it
> from within the sandbox because the title is a property from the main X
> (running at :0 ).
>
> kind regards,
> Christoph A.
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
THat looks good, but I think we need to limit the size of the command
Since it might be longer then the title bar.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
> Thanks, I like this a lot. I do know if there is a way to change the
> label from within Xephyr, since we don not know the DISPLAY at the time
> we are setting the label.
>
> F16 will have this change, and I will begin back porting to F14,F15, and
> probably RHEL.
Hi Dan,
any expectations when we are going to see these changes in F14?
Or should I apply the changes manually for the moment?
thanks,
Christoph
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
05-27-2011, 01:16 AM
"Christoph A."
modifying the Xephyr window title (patch)
On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
> THat looks good, but I think we need to limit the size of the command
> Since it might be longer then the title bar.
Do you want to calculate the length limit of the command (screen
resolution?) or is a hard coded value ok?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
05-31-2011, 02:28 PM
Daniel J Walsh
modifying the Xephyr window title (patch)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/26/2011 09:10 PM, Christoph A. wrote:
> On 04/22/2011 01:07 PM, Daniel J Walsh wrote:
>> Thanks, I like this a lot. I do know if there is a way to change the
>> label from within Xephyr, since we don not know the DISPLAY at the time
>> we are setting the label.
>>
>> F16 will have this change, and I will begin back porting to F14,F15, and
>> probably RHEL.
>
> Hi Dan,
>
> any expectations when we are going to see these changes in F14?
> Or should I apply the changes manually for the moment?
>
> thanks,
> Christoph
>
I would manually make the changes for now. Although I will kick off a
back port of policycoreutils today.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
On 05/26/2011 09:16 PM, Christoph A. wrote:
> On 05/17/2011 09:13 AM, Daniel J Walsh wrote:
>> THat looks good, but I think we need to limit the size of the command
>> Since it might be longer then the title bar.
>
> Do you want to calculate the length limit of the command (screen
> resolution?) or is a hard coded value ok?
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would just hard code some thing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>> The second patch only adds '-nolisten tcp' to Xephyr, but if
>> there are
>>> use cases where one needs Xephyr to open a listener this patch
>>> will break thinks.
>>>
> I am adding this also, since it is more secure. I do not know of
> anything that will break.
Looks like in F17 the '-nolisten tcp' options was removed:
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi
$DPI -displayfd 5 5>&1 2>/dev/null)
modifying the Xephyr window title (patch)
