From patchwork Wed Sep 21 15:39:53 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Petr Lautrbach <plautrba@redhat.com>
X-Patchwork-Id: 9343751
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0B43D601C2 for <patchwork-selinux@patchwork.kernel.org>;
	Wed, 21 Sep 2016 15:41:07 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EFFA82A786
	for <patchwork-selinux@patchwork.kernel.org>;
	Wed, 21 Sep 2016 15:41:06 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E2E202A7AC; Wed, 21 Sep 2016 15:41:06 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9E2E92A786
	for <patchwork-selinux@patchwork.kernel.org>;
	Wed, 21 Sep 2016 15:41:04 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.30,374,1470700800"; d="scan'208";a="19433594"
IronPort-PHdr: =?us-ascii?q?9a23=3AOHKGkBz/7LfkOQvXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0e8WIJqq85mqBkHD//Il1AaPBtSBraoewLqG+4nbGkU4qa6bt34DdJEeHzQksu?=
	=?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2WVTerzWI4CIIHV2nbEwu?=
	=?us-ascii?q?d76zQtSZ35T//tvx0qWbWx9Piju5bOE6BzSNhiKViPMrh5B/IL060BrDrygAUe?=
	=?us-ascii?q?1XwWR1OQDbxE6ktY+N5porzwB887JkrpYBAu3GePEjQLhZCik2G3wk783s8x/Y?=
	=?us-ascii?q?RE2A4WVPfH8Rl09wDhTfpDXzQ4vruCLxtqIpwC2TINHsR7kcQzmu7653DhTvjX?=
	=?us-ascii?q?FUZHYC7GjLh5ko3+pgqxW7qkk6mtbZ?=
X-IPAS-Result: =?us-ascii?q?A2FVBQBrqeJX/wHyM5BeHQEFAQsBGQYMgxABAQEBAR6BU7p?=
	=?us-ascii?q?xI4dpTAEBAQEBAQEBAgECWyeCMgQDEwWCEQIEAQI3FCAOAwkBARcpCAgDAS0VE?=
	=?us-ascii?q?Q4LBRYCBIgqu2EBJIY3iGgCEQEGYoUSBZl1iSqGOAKJe4VtApBjVIUHcIQXDxd?=
	=?us-ascii?q?hgScBAQE?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 21 Sep 2016 15:41:01 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8LFe3Ut027681;
	Wed, 21 Sep 2016 11:40:16 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u8LFe2Kk084569 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Wed, 21 Sep 2016 11:40:02 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8LFe1PA027621
	for <selinux@tycho.nsa.gov>; Wed, 21 Sep 2016 11:40:01 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AAAQBHqOJXhxy3hNFeHAEBBAEBCgEBgzsBAQEBAYFxpSiRQIQThh4CgWJMAQIBAQEBAQITAQEBCgsJCRmFEQIBA3kQUVcZG4gwu1gBAQgnhjeIaBpihRIFmXWJKoY4Ao9oApBjg32BXDw0hD+CLgEBAQ
X-IPAS-Result: 
 A1AAAQBHqOJXhxy3hNFeHAEBBAEBCgEBgzsBAQEBAYFxpSiRQIQThh4CgWJMAQIBAQEBAQITAQEBCgsJCRmFEQIBA3kQUVcZG4gwu1gBAQgnhjeIaBpihRIFmXWJKoY4Ao9oApBjg32BXDw0hD+CLgEBAQ
X-IronPort-AV: E=Sophos;i="5.30,374,1470715200"; d="scan'208";a="5719411"
Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov)
	([10.208.41.36])
	by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2016 11:40:00 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3A2cDKwBVLKK+JYBF7TSshG6k6p9fV8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZheCt8tkgFKBZ4jH8fUM07OQ6PG6HzRaqsbR+Fk5M7V0Hycfjs?=
	=?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aJBzzOEJP?=
	=?us-ascii?q?K/jvHcaK1oLshrr0o8eYM1UArQH+SIs6FA+xowTVu5teqqpZAYF19CH0pGBVcf?=
	=?us-ascii?q?9d32JiKAHbtR/94sCt4MwrqHwI6Lpyv/JHBL73e6U+UKxwECUtM2dz4tbi8xbE?=
	=?us-ascii?q?U1ih/HwZB10bjgAAJwHY8AvwV5zx+n/isuNgxDOQNOXsQLw0UCjk5KBuHky7wB?=
	=?us-ascii?q?wbPiI0pTmEwvd7i7hW9Uqs?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HMAQCvqOJXhxy3hNFeHAEBBAEBCgEBG?=
	=?us-ascii?q?QYMgxABAQEBAYFxpSiRQIQThh4CgWJMAQEBAQEBAQECAQIQAQEBCgsJCRkvgjI?=
	=?us-ascii?q?YghgCAQN5EFFXGRuIMLtVAQEIAiWGN4hoGmKFEgWZdYkqhjgCj2gCkGODfYFcP?=
	=?us-ascii?q?DSEP4IuAQEB?=
X-IPAS-Result: =?us-ascii?q?A0HMAQCvqOJXhxy3hNFeHAEBBAEBCgEBGQYMgxABAQEBAYF?=
	=?us-ascii?q?xpSiRQIQThh4CgWJMAQEBAQEBAQECAQIQAQEBCgsJCRkvgjIYghgCAQN5EFFXG?=
	=?us-ascii?q?RuIMLtVAQEIAiWGN4hoGmKFEgWZdYkqhjgCj2gCkGODfYFcPDSEP4IuAQEB?=
X-IronPort-AV: E=Sophos;i="5.30,374,1470700800"; d="scan'208";a="17819571"
Received: from mx1.redhat.com ([209.132.183.28])
	by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	21 Sep 2016 15:40:00 +0000
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
	(int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 923488E003
	for <selinux@tycho.nsa.gov>; Wed, 21 Sep 2016 15:39:58 +0000 (UTC)
Received: from rhel-at-redhat.localdomain.com ([10.40.2.167])
	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u8LFdvZN012914; Wed, 21 Sep 2016 11:39:58 -0400
From: Petr Lautrbach <plautrba@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [PATCH] sandbox: do not run xmodmap in a new X session
Date: Wed, 21 Sep 2016 17:39:53 +0200
Message-Id: <1474472393-2208-1-git-send-email-plautrba@redhat.com>
In-Reply-To: <45d0fdf5-48ad-242c-fa77-314bdf052bb7@tycho.nsa.gov>
References: <45d0fdf5-48ad-242c-fa77-314bdf052bb7@tycho.nsa.gov>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.27]); Wed, 21 Sep 2016 15:39:58 +0000 (UTC)
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

xmodmap causes Xephyr X server to reset itself when it's run before wm
and even right after wm. It causes termination of the server as we use
-terminate. The -terminate option seems be important enough in order not
to left running the server when the last client connection is closed.

This patch drops the execution of xmodmap from .sandboxrc until there's
a better solution.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 policycoreutils/sandbox/sandbox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
index 726ba9b..4ed57c1 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -282,7 +282,7 @@ class Sandbox:
                 command += "'%s' " % p
             fd.write("""#! /bin/sh
 #TITLE: %s
-/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
+# /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
 %s &
 WM_PID=$!
 dbus-launch --exit-with-session %s