Red Hat Bugzilla – Bug 431023
SELinux is preventing /usr/bin/Xorg (xdm_t) "mmap_zero" access to <Unknown> (xdm_t).
Last modified: 2015-01-07 19:16:18 EST
Description of problem:
Getting the following attempting to start Xorg under the 2.6.18-76.el5.i686
kernel with selinux-policy-2.4.6-114.el5.
Attaching the sealert output.
I'll try the latest policy package (-117.el5) but it doesn't appear this problem
has been addressed there. Problem does not manifest on -75.el5 kernel, so I
suspect this is a side-effect of:
- [selinux] harden against null ptr dereference bugs (Eric Paris)
Created attachment 293552
sealert output for failure
Proposing as beta blocker, mostly because I'm not sure if we're considering
putting -76.el5 into the beta. QE ack for fixing this in 5.2.
selinux-policy-2.4.6-117.el5 doesn't change anything. And I should have noted
this is being seen with xorg-x11-server-1.1.1-48.34.el5.
Eric, wasn't the new kernel patch supposed to allow a CAP_RAW loophole?
CAP_RAW only takes effect if selinux=0.
This is a policy bug which I thought had been fixed back in 5.1 (even though we
didn't implement the kernel part). I know Dan has this in rawhide.
Fixed in selinux-policy-2.4.6-118
Fix confirmed with 2.4.6-118. Will move to Verified once the package is
incorporated into a tree.
*** Bug 433687 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.