Description of problem: Getting the following attempting to start Xorg under the 2.6.18-76.el5.i686 kernel with selinux-policy-2.4.6-114.el5. Attaching the sealert output. I'll try the latest policy package (-117.el5) but doesn't appear this problem has been addressed there. Problem does not manifest on -75.el5 kernel, so I suspect this is a side-effect of: - [selinux] harden against null ptr dereference bugs (Eric Paris ) [233021]
Created attachment 293552 [details] sealert output for failure
Proposing as beta blocker, mostly because I'm not sure if we're considering putting -76.el5 into the beta. QE ack for fixing this in 5.2.
selinux-policy-2.4.6-117.el5 doesn't change anything. And I should have noted this is being seen with xorg-x11-server-1.1.1-48.34.el5.
Eric, wasn't the new kernel patch supposed to allow a CAP_RAW loophole?
CAP_RAW only takes effect if selinux=0. this is a policy bug which i thought had been fixed back in 5.1 (even though we didn't implement the kernel part) I know dan has this in rawhide.
Fixed in selinux-policy-2.4.6-118
Fix confirmed with 2.4.6-118. Will move to Verified once the package is incorporated into a tree.
*** Bug 433687 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html