Library routines that access a window, property or atom name without user involvement require mandatory and discretionary access. Library routines that access framebuffer graphic contexts, fonts, and cursors require discretionary access and may also require additional privilege for special tasks as described below.
The client may need one or more of the following privileges in its effective set if access to the object is denied: win_dac_read, win_dac_write, win_mac_read, or win_mac_write. See /usr/openwin/server/tsol/config.privs to enable or disable these policies..
A client needs the win_config privilege in its effective set to configure or destroy windows or properties permanently retained by the X Window Server. The screen saver timeout is an example of such a resource.
A client needs the win_devices privilege in its effective set to get and set keyboard and pointer controls or modify pointer button and key mappings.
A client needs the win_dga privilege in its effective set to use the direct graphics access (DGA) X protocol extension.
A client needs the win_downgrade_sl privilege in its effective set to change the sensitivity label on a window, pixmap, or property to a new label that does not dominate the existing label.
A client process needs the win_upgrade_sl privilege in its effective set to change the sensitivity label on a window, pixmap, or property to a new label that dominates the existing label.
A client needs the win_fontpath privilege in its effective set to modify the font path.