I just installed the latest SELinux stuff from the hardened-development overlay onto my laptop, currently using the targeted profile (though I've also switched to strict and relabelled everything, same effect).
When logging in via a display manager, either kdm or gdm, the login session is not switching to the proper security context. Everything is running as system_u:system_r:xdm_t, including my own login context. I rebuilt gdm after switching profiles, so it has USE=selinux; I didn't see a similar USE flag for kdm. This is the first time I've tried Gentoo+SELinux on a non-server in a long time so I'm possibly missing something important. Is there something obvious I should check for?

kutulu@platypus ~ $ ls -Z `which kdm`
system_u:object_r:xdm_exec_t /usr/bin/kdm
kutulu@platypus ~ $ ls -Z `which gdm-binary`
system_u:object_r:xdm_exec_t /usr/sbin/gdm-binary
kutulu@platypus ~ $ ps xZ
LABEL                     PID TTY STAT TIME COMMAND
system_u:system_r:xdm_t 14234 ?   Ss   0:00 /bin/sh /usr/bin/startkde
system_u:system_r:xdm_t 14298 ?   S    0:00 dbus-launch --sh-syntax --exit-with-session
system_u:system_r:xdm_t 14299 ?   Ssl  0:03 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
system_u:system_r:xdm_t 14306 ?   Ss   0:00 kdeinit4: kdeinit4 Running...
system_u:system_r:xdm_t 14307 ?   S    0:00 kdeinit4: klauncher [kdeinit] --fd=8
system_u:system_r:xdm_t 14309 ?   Sl   0:01 kdeinit4: kded4 [kdeinit]
system_u:system_r:xdm_t 14320 ?   S    0:00 kdeinit4: kglobalaccel [kdeinit]
system_u:system_r:xdm_t 14327 ?   S    0:00 kwrapper4 ksmserver
system_u:system_r:xdm_t 14343 ?   Sl   0:00 kdeinit4: ksmserver [kdeinit]
[...]
kutulu@platypus ~ $ id -Z
system_u:system_r:xdm_t
kutulu@platypus ~ $ ps axZ | grep kdm
system_u:system_r:xdm_t 2920 ? Ss 0:00 /usr/bin/kdm
kutulu@platypus ~ $ ps axZ | grep X
system_u:system_r:xserver_t 2939 tty7 Ss+ 1:16 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/A:0-8zHr3b
