Brian Vetter wrote:
We have a demonstration system (hopefully won't be a demo for long) that
utilizes trusted extensions and VirtualBox together. We have separate labeled
zones with one or more running an instance of VirtualBox (hosting Windows).
Everything works fine as long as we keep to maximized Windows apps running in a
Windows desktop.
VirtualBox has a feature called "Seamless Windowing" that lets a guest
application Window float in the host's window manager (similar to Unit for Fusion and
other similar technologies for Windows and Linux or with some of the RDP clients). We can
turn this on in VirtualBox and it mostly works on Solaris 10 with Trusted Extensions with
one exception:
When a "seamless" window is rendered in the JDS, it no longer has the "label" security bar
surrounding it. While the trusted stripe reflects the correct label for the "seamless" window, there is no
indicator on the actual "seamless" window which label is applied to the Window (an issue for
usability/security awareness).
Is there a setting or something we are missing that can re-establish the
correct label decoration to the window?
Sorry, Brian. This is a known deficiency of seamless mode. The
implementation is done using the SHAPE extension with cutouts for the
background area where the Solaris windows show through. So all the MS
Windows are rendered in the same X11 window, which has a single label.
The pointer focus is correctly rendered, however, We don't currently
have any workarounds for this. I think it would require a new
implementation in which the MS Windows are actually individual X11 windows.
-- Glenn
ORACLE ®
Glenn Faden | Senior Principal Software Engineer
Phone: +1 650 786 4003 | Mobile: +1 415 637 8181
Oracle Solaris Security, Solaris Core OS Technology Engineering
_______________________________________________
security-discuss mailing list
[email protected]
