Bug 492299
Summary: | (staff_u) couple of Xserver AVC denials | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||
Component: | xorg-x11-server | Assignee: | Adam Jackson <ajax> | ||||
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 10 | CC: | dwalsh, mcepl, xgl-maint | ||||
Target Milestone: | --- | Keywords: | SELinux | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-03-27 00:47:07 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Matěj Cepl
2009-03-26 11:44:23 UTC
Created attachment 336781 [details]
/var/log/Xorg.0.log
And just to make myself happy ... this is my /var/log/Xorg.0.log and I have no /etc/X11/xorg.conf
audit2allow suggests [root@viklef tmp]# ausearch -m AVC -x Xorg|audit2allow #============= staff_t ============== allow staff_t agp_device_t:chr_file { read write ioctl }; allow staff_t memory_device_t:chr_file { read write }; allow staff_t mtrr_device_t:file { write read }; allow staff_t self:capability { sys_rawio sys_admin dac_override }; allow staff_t sysfs_t:file write; allow staff_t tty_device_t:chr_file { write read ioctl setattr }; allow staff_t var_log_t:dir { write remove_name add_name }; allow staff_t var_log_t:file { write create }; allow staff_t xserver_log_t:file { rename unlink }; You are not allowed to run X if you are a confined user domain, you must use init 5 A confined user domain that can run the X Server can take over the machine. |