Bug 1309903 - [selinux-policy-targeted] Xorg fails to start up in enforcing mode
Summary: [selinux-policy-targeted] Xorg fails to start up in enforcing mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 24
Hardware: noarch
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-18 22:38 UTC by Joachim Frieben
Modified: 2016-03-05 18:00 UTC (History)
2 users (show)

Fixed In Version: selinux-policy-targeted-3.13.1-176.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-05 18:00:29 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Xorg log file after crash (6.24 KB, text/plain)
2016-02-18 22:38 UTC, Joachim Frieben
no flags Details
Output of 'ausearch -m avc,user_avc -ts recent' for Fedora Live image of 20160218 (14.34 KB, text/plain)
2016-02-19 17:07 UTC, Joachim Frieben
no flags Details
Xorg log file after executing setenforce 0 (26.14 KB, text/plain)
2016-02-20 20:22 UTC, Joachim Frieben
no flags Details
Various system labels before relabeling the file system (1.52 KB, text/plain)
2016-02-20 20:42 UTC, Joachim Frieben
no flags Details
Various system labels after relabeling the file system (2.27 KB, text/plain)
2016-02-20 20:43 UTC, Joachim Frieben
no flags Details

Description Joachim Frieben 2016-02-18 22:38:38 UTC
Created attachment 1128340 [details]
Xorg log file after crash

Description of problem:
For the current Fedora development tree, running 'startx' from run level 3 in a virtual machine leads to a crash of Xorg unless SELinux is run in permissive mode.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-171.fc24

How reproducible:
Always

Steps to Reproduce:
1. Boot system into run level 3.
2. Run 'startx'.

Actual results:
Xorg crashes with error "xf86EnableIOPorts: failed to set IOPL for I/O" etc.

Expected results:
Xorg starts up as expected.

Additional info:
Xorg starts up successfully after booting with SELinux in permissive mode.

Comment 1 Joachim Frieben 2016-02-19 08:26:32 UTC
Issue is absent after fully relabeling the file system. However, after a fresh network install from the Fedora development tree in a virtual machine like in this case, this should not be necessary - an anaconda issue? Maybe a full relabeling should be triggered by anaconda after install.

Comment 2 Miroslav Grepl 2016-02-19 10:29:57 UTC
Could you try to run

1. Boot system into run level 3.
2. # setenforce 1
3. # setenforce 0
4. Run 'startx'.
5. # ausearch -m avc,user_avc -ts recent

Thank you.

Comment 3 Joachim Frieben 2016-02-19 17:07:46 UTC
Created attachment 1128590 [details]
Output of 'ausearch -m avc,user_avc -ts recent' for Fedora Live image of 20160218

Comment 4 Joachim Frieben 2016-02-20 20:22:19 UTC
Created attachment 1128859 [details]
Xorg log file after executing setenforce 0

Comment 5 Joachim Frieben 2016-02-20 20:42:35 UTC
Created attachment 1128860 [details]
Various system labels before relabeling the file system

Comment 6 Joachim Frieben 2016-02-20 20:43:08 UTC
Created attachment 1128861 [details]
Various system labels after relabeling the file system

Comment 7 Jan Kurik 2016-02-24 15:52:50 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase


Note You need to log in before you can comment on or make changes to this bug.