From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.1ment Firefox/1.0.7 Description of problem: #before xdm patch id -Z user_u:system_r:initrc_t su - Password: Your default context is root:system_r:unconfined_t. Do you want to choose a different one? [n] # #after xdm patch id -Z user_u:system_r:unconfined_t su - Password: # Version-Release number of selected component (if applicable): xorg-x11-xdm-6.8.2-1.EL.13.20 How reproducible: Always Steps to Reproduce: 1. use xdm 2. login 3. id -Z 4. su - Actual Results: Your default context is root:system_r:unconfined_t. Expected Results: Nothing Additional info: The real issue is xdm is not selinux aware. Patch attached was from : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=233551 Although the bug was for xfree,the xorg patch was trivial.
Created attachment 123472 [details] selinux patch patch for xdm and selinux
Feature enhancement requests for Red Hat Enterprise Linux can be made by contacting Red Hat support services via 1-888-RED-HAT1, or by filing a web support ticket at http://www.redhat.com/support depending on the type of Red Hat support contract obtained. The general process for feature requests, is to have the author of the patch/code submit their code to X.Org bugzilla at http://bugs.freedesktop.org in the "xorg" component for review and consideration. Once the patch has been accepted and committed to X.Org CVS, it will then get wider community regression and stability testing. Later, when it is considered stable upstream, we can then re-review the official support request for consideration in a future RHEL OS update or new OS release. Once a request is filed in X.Org bugzilla, if someone provides us with the upstream bug URL, we will also track the issue in the upstream bugzilla. Thanks in advance.
Closing request due to lack of feedback/response to above queries. Red Hat Enterprise Linux customers who wish to make an official feature request for RHEL, can do so by logging into the Red Hat support website at http://www.redhat.com/support or by contacting Red Hat support services at 1-888-RED-HAT1 to make an official support request. As mentioned in comment #3, most feature requests of this nature need to be submitted directly to the upstream project and be accepted into their codebase before we will consider inclusion in our products. Setting status to "CANTFIX", as the prerequisites have not been met in order for this feature to be considered for RHEL.