Bug 1309903
Summary: | [selinux-policy-targeted] Xorg fails to start up in enforcing mode | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joachim Frieben <jfrieben> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 24 | CC: | dwalsh, jfrieben |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | noarch | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-targeted-3.13.1-176.fc24 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-05 18:00:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Issue is absent after fully relabeling the file system. However, after a fresh network install from the Fedora development tree in a virtual machine like in this case, this should not be necessary - an anaconda issue? Maybe a full relabeling should be triggered by anaconda after install. Could you try to run 1. Boot system into run level 3. 2. # setenforce 1 3. # setenforce 0 4. Run 'startx'. 5. # ausearch -m avc,user_avc -ts recent Thank you. Created attachment 1128590 [details]
Output of 'ausearch -m avc,user_avc -ts recent' for Fedora Live image of 20160218
Created attachment 1128859 [details]
Xorg log file after executing setenforce 0
Created attachment 1128860 [details]
Various system labels before relabeling the file system
Created attachment 1128861 [details]
Various system labels after relabeling the file system
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase |
Created attachment 1128340 [details] Xorg log file after crash Description of problem: For the current Fedora development tree, running 'startx' from run level 3 in a virtual machine leads to a crash of Xorg unless SELinux is run in permissive mode. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-171.fc24 How reproducible: Always Steps to Reproduce: 1. Boot system into run level 3. 2. Run 'startx'. Actual results: Xorg crashes with error "xf86EnableIOPorts: failed to set IOPL for I/O" etc. Expected results: Xorg starts up as expected. Additional info: Xorg starts up successfully after booting with SELinux in permissive mode.