Description of problem: When trying to use X forward to xguest_u user -> this is not possible Version-Release number of selected component (if applicable): selinux-policy-3.7.19-147.el6 How reproducible: 100% Steps to Reproduce: # be sure to have xorg-x11-xauth package installed useradd -Z staff_u staff useradd -Z xguest_u xguest # now set passwords for staff and xguest users ssh staff@localhost export DISPLAY=0:0 ssh xguest@localhost echo $DISPLAY Actual results: DISPLAY variable empty -> X11 forwarding not working Expected results: DISPLAY variable not empty and with correct content (i.e. localhost:10.0) -> X11 forwarding working Additional info:
I don't think this is something we want to allow for the default xguest_u user. He should not be sending his X Display to other machines.
(In reply to comment #1) > I don't think this is something we want to allow for the default xguest_u user. > He should not be sending his X Display to other machines. Actually I was thinking about a boolean but yes, it does not make sense to allow it for xguest_u.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0780.html