Setting the X Window Server Clearance and Minimum Label

The XTSOLsetSessionHI() and XTSOLsetSessionLO() routines are used to set the session high clearance and the session low minimum label for the X Window Server. Session high can be selected from the Label Builder GUI and must be within the user's range. Session low is the same as the user's minimum label for the multilevel session.

These interfaces should only be used by the window manager.

Status XTSOLsetSessionHI(Display *display, m_label_t *sl);

The session high clearance is set from the workstation owner's clearance at login. The session high clearance must be dominated by the owner's clearance and by the upper bound of the machine monitor's label range. Once changed, connection requests from clients that run at a sensitivity label higher than the window server clearance are rejected unless they have privileges. See the XTSOLsetSessionHI(3XTSOL) man page.

Status XTSOLsetSessionLO(Display *display, m_label_t *sl);

The session low minimum label is set from the workstation owner's minimum label at login. The session low minimum label must be greater than the user's administratively set minimum label and the lower bound of the machine monitor's label range. When this setting is changed, connection requests from clients that run at a sensitivity label lower than the window server sensitivity label are rejected unless they have privileges. See the XTSOLsetSessionLO(3XTSOL) man page.