Bug 435745

Summary: Various denials from xdm_xserver_t to security_t
Product: [Fedora] Fedora Reporter: Zack Cerza <zcerza>
Component: selinux-policy-targeted Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NEXTRELEASE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 9   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2008-07-02 19:43:14 UTC Type: ---
Attachments:
Description Flags
audit.log none

Description Zack Cerza 2008-03-03 17:38:49 UTC
Description of problem:
I'm seeing lots and lots of avc denials while running X. They all seem to be
from source context xdm_xserver_t and target security_t.

If you want me to include all the messages, I can, but summarizing them might be
enough. It's being denied "read write", "compute_av", "compute_create",
"check_context", and "read" and "write" separately.

Additionally, I'm running in Permissive mode. If I enable Enforcing during a
session, very bad things happen.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-9.fc9.noarch
xorg-x11-server-Xorg-1.4.99.1-0.26.20080227.fc9.i386
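
An added example, not part of the original report or its attached audit.log: one way to produce the kind of summary the reporter describes, grouping AVC denials by source type, target type and object class. The log records below are constructed in the usual audit.log AVC layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (NOT taken from the attachment on this bug).
_CTX = ("scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 "
        "tcontext=system_u:object_r:security_t:s0 ")
SAMPLE_LOG = "\n".join([
    'type=AVC msg=audit(1204565900.101:31): avc:  denied  { read write } for  pid=2301 comm="X" name="access" dev=selinuxfs ino=6 ' + _CTX + "tclass=file",
    'type=AVC msg=audit(1204565900.102:32): avc:  denied  { compute_av } for  pid=2301 comm="X" ' + _CTX + "tclass=security",
    'type=AVC msg=audit(1204565900.103:33): avc:  denied  { compute_create } for  pid=2301 comm="X" ' + _CTX + "tclass=security",
    'type=AVC msg=audit(1204565900.104:34): avc:  denied  { check_context } for  pid=2301 comm="X" ' + _CTX + "tclass=security",
    'type=AVC msg=audit(1204565900.105:35): avc:  denied  { read } for  pid=2301 comm="X" name="context" dev=selinuxfs ino=5 ' + _CTX + "tclass=file",
    'type=AVC msg=audit(1204565900.106:36): avc:  denied  { write } for  pid=2301 comm="X" name="context" dev=selinuxfs ino=5 ' + _CTX + "tclass=file",
    'type=SYSCALL msg=audit(1204565900.106:36): arch=40000003 syscall=4 success=yes exit=64 comm="X"',
])

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of user:role:type[:level]; the level may contain colons."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denials by (source type, target type, class); collect perms and counts."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:          # SYSCALL, PATH and other record types are skipped
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        summary[key]["perms"].update(m["perms"].split())
        summary[key]["count"] += 1
    return dict(summary)

def format_summary(summary):
    """Render one line per (source, target, class) group for pasting into a report."""
    return "\n".join(
        f"{src} -> {tgt} [{cls}] x{info['count']}: {' '.join(sorted(info['perms']))}"
        for (src, tgt, cls), info in sorted(summary.items())
    )

if __name__ == "__main__":
    print(format_summary(summarize_denials(SAMPLE_LOG)))
```
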

Comment 1 Daniel Walsh 2008-03-03 18:02:14 UTC
Please attach the audit.log

Comment 2 Zack Cerza 2008-03-03 18:10:16 UTC
Created attachment 296649
audit.log

Comment 3 Daniel Walsh 2008-03-17 19:31:15 UTC
We have turned off the X SELinux for now. The problem is that the rules do not get
installed if you are in enforcing mode, but if you boot in permissive mode and
then turn on enforcing mode, the rules will get loaded and enforced.



Comment 4 Bug Zapper 2008-05-14 05:44:33 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping