Bug 426708 - Getting hundreds of selinux X errors
Getting hundreds of selinux X errors
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-24 13:48 EST by Need Real Name
Modified: 2008-01-15 13:56 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-3.0.8-72.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-15 13:56:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2007-12-24 13:48:34 EST
Description of problem:

Source Context                system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Target Context                system_u:object_r:xserver_misc_device_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         xorg-x11-server-Xorg-1.3.0.0-37.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-68.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall_file
Host Name                     consult.pretender
Platform                      Linux consult.pretender 2.6.23.9-85.fc8 #1 SMP Fri
                              Dec 7 15:49:59 EST 2007 i686 i686
Alert Count                   518
First Seen                    Wed 12 Dec 2007 03:52:58 AM EST
Last Seen                     Mon 24 Dec 2007 12:51:13 AM EST
Local ID                      f0d73e8e-0750-4cff-971a-f8a850e67ecf
Line Numbers                  

Raw Audit Messages            

avc: denied { setattr } for comm=X dev=tmpfs egid=0 euid=0 exe=/usr/bin/Xorg
exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=nvidia0 pid=22557
scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 suid=0 tclass=chr_file
tcontext=system_u:object_r:xserver_misc_device_t:s0 tty=tty9 uid=0

Not sure what 'nvidia0' is but I am running the nvidia X drivers if that helps.
Comment 1 Daniel Walsh 2007-12-31 07:35:44 EST
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-72.fc8

Note You need to log in before you can comment on or make changes to this bug.