Bug 1309903 - [selinux-policy-targeted] Xorg fails to start up in enforcing mode
[selinux-policy-targeted] Xorg fails to start up in enforcing mode
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
24
noarch Linux
medium Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-18 17:38 EST by Joachim Frieben
Modified: 2016-03-05 13:00 EST (History)
2 users (show)

See Also:
Fixed In Version: selinux-policy-targeted-3.13.1-176.fc24
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-05 13:00:29 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Xorg log file after crash (6.24 KB, text/plain)
2016-02-18 17:38 EST, Joachim Frieben
no flags Details
Output of 'ausearch -m avc,user_avc -ts recent' for Fedora Live image of 20160218 (14.34 KB, text/plain)
2016-02-19 12:07 EST, Joachim Frieben
no flags Details
Xorg log file after executing setenforce 0 (26.14 KB, text/plain)
2016-02-20 15:22 EST, Joachim Frieben
no flags Details
Various system labels before relabeling the file system (1.52 KB, text/plain)
2016-02-20 15:42 EST, Joachim Frieben
no flags Details
Various system labels after relabeling the file system (2.27 KB, text/plain)
2016-02-20 15:43 EST, Joachim Frieben
no flags Details

  None (edit)
Description Joachim Frieben 2016-02-18 17:38:38 EST
Created attachment 1128340 [details]
Xorg log file after crash

Description of problem:
For the current Fedora development tree, running 'startx' from run level 3 in a virtual machine leads to a crash of Xorg unless SELinux is run in permissive mode.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-171.fc24

How reproducible:
Always

Steps to Reproduce:
1. Boot system into run level 3.
2. Run 'startx'.

Actual results:
Xorg crashes with error "xf86EnableIOPorts: failed to set IOPL for I/O" etc.

Expected results:
Xorg starts up as expected.

Additional info:
Xorg starts up successfully after booting with SELinux in permissive mode.
Comment 1 Joachim Frieben 2016-02-19 03:26:32 EST
Issue is absent after fully relabeling the file system. However, after a fresh network install from the Fedora development tree in a virtual machine like in this case, this should not be necessary - an anaconda issue? Maybe a full relabeling should be triggered by anaconda after install.
Comment 2 Miroslav Grepl 2016-02-19 05:29:57 EST
Could you try to run

1. Boot system into run level 3.
2. # setenforce 1
3. # setenforce 0
4. Run 'startx'.
5. # ausearch -m avc,user_avc -ts recent

Thank you.
Comment 3 Joachim Frieben 2016-02-19 12:07 EST
Created attachment 1128590 [details]
Output of 'ausearch -m avc,user_avc -ts recent' for Fedora Live image of 20160218
Comment 4 Joachim Frieben 2016-02-20 15:22 EST
Created attachment 1128859 [details]
Xorg log file after executing setenforce 0
Comment 5 Joachim Frieben 2016-02-20 15:42 EST
Created attachment 1128860 [details]
Various system labels before relabeling the file system
Comment 6 Joachim Frieben 2016-02-20 15:43 EST
Created attachment 1128861 [details]
Various system labels after relabeling the file system
Comment 7 Jan Kurik 2016-02-24 10:52:50 EST
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase

Note You need to log in before you can comment on or make changes to this bug.