Policies for using Systrace under X11.
--------------------------------------

Originally by Dug Song <dugsong@monkey.org>.
Cleaned up by Niels Provos <provos@citi.umich.edu>.

We suggest creating an xsterm shell script:

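#!/bin/sh
# Run xterm under systrace with policies from $HOME/.systrace/X11.
# "$@" passes each argument through unchanged, even if it contains spaces.
exec systrace -d "$HOME/.systrace/X11" xterm -rv -bg black "$@" -e /bin/stsh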

Here /bin/stsh is a wrapper that just executes the right shell, something
like this:

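#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <err.h>

int
main(int argc, char **argv, char **envp)
{
        /* Refuse to run when the real uid is root. */
        if (getuid() == 0)
                errx(1, "Not allowed for root");

        /* Replace this process with the real shell, keeping args and env. */
        execve("/bin/ksh", argv, envp);

        /* Only reached if execve() failed; err() appends the errno text. */
        err(1, "Execve failed");
}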

Configure your window manager to execute /usr/local/bin/xsterm instead
of xterm.  Then add an "Unsecured" button that launches an xterm
as xterm -rv -bg red.

Enjoy,
 Niels.
