Privileged Operations

Library routines that access a window, property or atom name without user involvement require mandatory and discretionary access. Library routines that access framebuffer graphic contexts, fonts, and cursors require discretionary access and may also require additional privilege for special tasks as described below.

The client may need one or more of the following privileges in its effective set if access to the object is denied: win_dac_read, win_dac_write, win_mac_read, or win_mac_write. See /usr/openwin/server/tsol/config.privs to enable or disable these policies..

Configuring and Destroying Resources

A client needs the win_config privilege in its effective set to configure or destroy windows or properties permanently retained by the X Window Server. The screen saver timeout is an example of such a resource.

Input Devices

A client needs the win_devices privilege in its effective set to get and set keyboard and pointer controls or modify pointer button and key mappings.

Direct Graphics Access

A client needs the win_dga privilege in its effective set to use the direct graphics access (DGA) X protocol extension.

Downgrading labels

A client needs the win_downgrade_sl privilege in its effective set to change the sensitivity label on a window, pixmap, or property to a new label that does not dominate the existing label.

Upgrading Labels

A client process needs the win_upgrade_sl privilege in its effective set to change the sensitivity label on a window, pixmap, or property to a new label that dominates the existing label.

Setting a Font Path

A client needs the win_fontpath privilege in its effective set to modify the font path.