by taway098123 1893 days ago
It's not wrong, it's not FUD, and that doesn't change anything. The only working plugin is the SELinux one. If you can't use that, you have to rebuild an entire new security architecture... which is what they had to do in Wayland anyway. XACE isn't really built for anything besides MAC either, so it's inadequate for doing anything that isn't an LSM. It also has a problem where new hooks need to be added for every new X extension, and that didn't happen, so now it's outdated. In Wayland that entire concept was replaced with a single API function to do generic traffic filtering.

It's also outside the scope of a desktop environment or window manager to ship plugins to the X server. Hence another reason why they had to go with a new protocol that makes it easier to implement their own server...

1 comment

> The only working plugin is the SELinux one. If you can't use that, you have to rebuild an entire new security architecture

I stopped reading at this point. If you're not going to read the documentation, then you can kindly go crawl back under your rock on /r/linuxmasterrace.

I was familiar with that documentation around 10 years ago. Please stop making these assumptions and please stop dismissing what I have to say. The documentation is irrelevant; I'm talking about the server source code. There is one real plugin implementation there that uses SELinux. That's it. There is currently no other real way to use XACE; it's otherwise totally useless to end users.

Yes, people could develop new plugins that integrate with some other security mechanism, but they haven't, in part because the hooks are so out of date, and in part because, you know, that requires building another security mechanism. The access hooks are not a security mechanism; they allow you to integrate with some external MAC.