Bug 435566 - SELinux is preventing Xorg (xdm_xserver_t) "execstack" to <Unknown> (xdm_xserver_t).
SELinux is preventing Xorg (xdm_xserver_t) "execstack" to <Unknown> (xdm...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: xorg-x11 (Show other bugs)
7
i686 Linux
low Severity urgent
: ---
: ---
Assigned To: Adam Jackson
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-01 14:24 EST by Tim McConnell
Modified: 2008-03-03 10:14 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-03 10:14:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim McConnell 2008-03-01 14:24:35 EST
Description of problem:
Detailed Description
    SELinux denied access requested by Xorg. It is not expected that this access
    is required by Xorg and this access may signal an intrusion attempt. It is
    also possible that the specific version or configuration of the application
    is causing it to require additional access.


Version-Release number of selected component (if applicable):


How reproducible:
Unknown

Steps to Reproduce:
1.
2.Unknown
3.
  
Actual results: SETroubleshooter gives warning about executable stack 


Expected results: No more nasty grams from SETroubleshooter


Additional info:
Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:xdm_xserver_t:SystemLow-
                              SystemHigh
Target Context                system_u:system_r:xdm_xserver_t:SystemLow-
                              SystemHigh
Target Objects                None [ process ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.6.4-70.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall
Host Name                     timmieland.private
Platform                      Linux timmieland.private 2.6.23.14-64.fc7 #1 SMP
                              Sun Jan 20 23:54:08 EST 2008 i686 athlon
Alert Count                   6
First Seen                    Tue 19 Feb 2008 07:01:57 PM MST
Last Seen                     Thu 28 Feb 2008 10:15:17 AM MST
Local ID                      bacefd58-a610-4d5a-8968-ce1772b95cdb
Line Numbers                  

Raw Audit Messages            

avc: denied { execstack } for comm="Xorg" pid=3120
scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Comment 1 Daniel Walsh 2008-03-03 10:14:01 EST
This is probably caused by some proprietary drivers.

You can allow this by executing

# grep execstack /var/log/audit/audit.log | audit2allow -M myxserver
# semodule -i myxserver.pp

Or by allowing all unconfined processes execstack

setsebool -P allow_execstack=1

Marking as notabug, since this is caused by other software and you can use
either of the commands above to work around it.

Note You need to log in before you can comment on or make changes to this bug.