Testing out your selinux-policy-2.4.5-4.fc5 packages (thanks!). Seeing the following at boot: audit(1164729551.665:4): avc: denied { execheap } for pid=1338 comm="Xorg" scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0 tclass=process audit(1164729551.665:5): avc: denied { execheap } for pid=1338 comm="Xorg" scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0 tclass=process audit(1164729551.665:6): avc: denied { execheap } for pid=1338 comm="Xorg" scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0 tclass=process audit(1164729599.287:7): avc: denied { execheap } for pid=2846 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process audit(1164729599.288:8): avc: denied { execheap } for pid=2846 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process audit(1164729599.288:9): avc: denied { execheap } for pid=2846 comm="X" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process Don't see it on other machines, so it may be limited to the i810 or synaptics driver. Does not appear to have prevented any functionality so far though.
This is xorg-x11-drv-i810-1.5.1.0-1 from FC5 updates-testing. Don't know if this occurs or not with the stock FC5 driver.
Confirmed that it also occurs with xorg-x11-drv-i810-1.4.1.3-3.1
Also seeing with xorg-x11-drv-nv-1.2.0-3.fc5
On a Radeon XPRESS 200M 5955 (PCIE) system (xorg-x11-drv-ati-6.5.7.3-4.x86_64) this causes X to abort with a segementation fault.
set the boolean allow_execheap. setsebool -P allow_execheap=1 Please report these as bugs to xorg or others rpm packages who are causing this problem. Allowing execheap is not a great idea. http://people.redhat.com/~drepper/selinux-mem.html
Oh, FC5. I think this just needs a backport of the selinux awareness patch from FC6.
Fedora Core 5 is no longer supported, please, could you reproduce this bug with the updated version of the currently supported distribution (Fedora Core 6, or Fedora 7, or Rawhide)? If this issue turns out to still be reproducible, please let us know in this bug report. If after a month's time we have not heard back from you, we will have to close this bug as CANTFIX/INSUFFICIENT_DATA. Setting status to NEEDINFO, and awaiting information from the reporter. Thanks in advance.