Bug 179058
Summary: | X server segfault during rhgb or single-user mode run | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jason Vas Dias <jvdias> | ||||||||
Component: | synaptics | Assignee: | Paul Nasrat <nobody+pnasrat> | ||||||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | rawhide | CC: | dwalsh, nobody+pnasrat, xgl-maint | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2006-02-02 20:01:53 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Jason Vas Dias
2006-01-26 21:31:51 UTC
Created attachment 123747 [details]
X server log from 'X -probeonly' ending with core dump
This turns out to be an SELinux issue - problem does not occur with SELinux in permissive mode. Here are the AVCs generated: allow unconfined_t self:process execheap; type=AVC msg=audit(1138379116.505:94): avc: denied { execheap } for pid=2014 comm="X" scontext=system_u:system_r:unconfined_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=process Perhaps X should have its own SELinux context that allows execheap privilege. Either synaptics_drv should avoid having to exec heap memory, or SELinux must allow X to do so - otherwise rhgb is disabled during boot if synaptics touchpad is installed and SELinux is in enforcing mode. Reassigning to synaptics component, as I can't think of any really good reason why the synaptics driver should need to exec heap memory. What's weird about this is why in single-user mode / when rhgb is run, synaptics_drv needs to exec heap memory, but when run from the display manager, it apparently does not. ie. ONLY when run from xdm / prefdm / kdm, can my X server run at all, with SELinux in Enforcing mode. Any attempt to run X from the command line with SELinux enabled, ie. from Xsession / startx, or 'X -probeonly', results in the Abort in the same place, on the attempt to load the synaptics driver. kdm (the DM I use) and xdm have context 'system_u:object_r:xdm_exec_t', while X and gdm have the default context system_u:object_r:bin_t / sbin_t . Aha ! maybe this is why gdm cannot run X on my system either ... Indeed, only when X is run with xdm_t context, it is granted the execmem privilege: type=AVC msg=audit(1138394146.502:311): avc: granted { execmem } for pid=4020 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=process type=AVC msg=audit(1138394146.506:312): avc: granted { execmem } for pid=4020 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=process type=AVC msg=audit(1138394146.506:312): avc: granted { execmem } for pid=4020 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=process type=AVC msg=audit(1138394146.506:313): avc: granted { execmem } for pid=4020 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=process When X is run under any other context than xdm_t:s0-s0:c0.c255, it cannot "execmem". The fact that this happens 4 times suggests that it is not only the synaptics driver load that causes the execmem. Out of curiosity can you attach your xorg.conf too. Created attachment 123812 [details]
/etc/X11/xorg.conf as requested
Created attachment 123813 [details]
Xorg.0.log from successful X run (when X runs in xdm_t context)
Hooray! This bug is now magically fixed with today's Rawhide (20060201), and selinux-policy-targeted-2.2.9-2, now that /usr/bin/Xorg has context system_u:object_r:xserver_exec_t - rhgb now starts and X can be run outside of xdm OK - thanks! |