From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.6) Gecko/20040312 Epiphany/1.1.12

Description of problem:
On my PowerPC-based system, x.org's server wishes to access /proc/sys/dev (probably for mac_hid/mouse emulation) and /proc/bus/pci. When I set SELinux to enforce, these operations are blocked and X does not start. Here are the relevant logs:

avc: denied { search } for pid=1504 exe=/usr/X11R6/bin/XFree86 name=dev dev=ino=5303 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:sysctl_dev_t tclass=dir

avc: denied { getattr } for pid=1504 exe=/usr/X11R6/bin/XFree86 path=/proc/bus/pci dev= ino=5458 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:proc_t tclass=dir

Perhaps x86's X server does not touch these directories? I assume this policy works on x86 because I haven't seen any mention of this on the fedora-dev or -test mailing lists.

Adding the following to xserver_macros.te gets X to load on PowerPC:

# Access /proc/bus/pci
allow $1_xserver_t proc_t:dir { getattr read };

However, I don't know if this is the correct way to do this. I'm not even sure exactly why X is trying to read from /proc/bus/pci.

Version-Release number of selected component (if applicable):
policy-sources-1.10.2-4

How reproducible:
Always

Steps to Reproduce:
Turn on SELinux enforcing on a PowerPC-based system and try to start X.

Additional info:
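
An added example, not part of the original report or of the SELinux policy sources: a small Python parser that turns the two AVC denials quoted in the report into candidate allow rules, merged per source type, target type and class. It emits the concrete types found in the log (xdm_xserver_t) rather than the $1_ macro form used in xserver_macros.te; the function names are illustrative.

```python
import re
from collections import defaultdict

# The two denials quoted in the report, copied as they appear there.
SAMPLE_LOG = """\
avc: denied { search } for pid=1504 exe=/usr/X11R6/bin/XFree86 name=dev dev=ino=5303 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:sysctl_dev_t tclass=dir
avc: denied { getattr } for pid=1504 exe=/usr/X11R6/bin/XFree86 path=/proc/bus/pci dev= ino=5458 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:proc_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a usable AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs; a value may be empty (the log above contains "dev= ").
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
    try:
        # A security context is user:role:type[:level]; the type is the third part.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return stype, ttype, tclass, tuple(m.group("perms").split())


def candidate_rules(log_text):
    """Merge denials per (source, target, class) and render them as allow-rule text."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            stype, ttype, tclass, perms = rec
            merged[(stype, ttype, tclass)].update(perms)
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(merged.items())
    ]


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG):
        print(rule)
```

Treat the output as a list to review rather than rules to paste into policy: a type as broad as proc_t labels much more of /proc than the single directory named in the denial.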

Created attachment 99429
New configuration that works with PowerPC and X

Russell Coker sent me this and it seems to work fine. Note that the string "XFree86" is in it (only in a comment, though). This should be replaced with Xorg.

New packages:

libselinux-1.11-3.i386.rpm
libselinux-devel-1.11-3.i386.rpm
policy-1.11.2-3.noarch.rpm
policy-sources-1.11.2-3.noarch.rpm

from: ftp://people.redhat.com/dwalsh/SELinux/Fedora

Fixes for me.
sorry about the noise ... not using PowerPC