Bug 435745 - Various denials from xdm_xserver_t to security_t
Various denials from xdm_xserver_t to security_t
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-03 12:38 EST by Zack Cerza
Modified: 2008-07-02 15:43 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-02 15:43:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
audit.log (3.63 MB, text/plain)
2008-03-03 13:10 EST, Zack Cerza
no flags Details

  None (edit)
Description Zack Cerza 2008-03-03 12:38:49 EST
Description of problem:
I'm seeing lots and lots of avc denials while running X. They all seem to be
from source context xdm_xserver_t and target security_t.

If you want me to include all the messages, I can, but summarizing them might be
enough. It's being denied "read write", "compute_av", "compute_create",
"check_context", and "read" and "write" separately.

Additionally, I'm running in Permissive mode. If I enable Enforcing during a
session, very bad things happen.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-9.fc9.noarch
xorg-x11-server-Xorg-1.4.99.1-0.26.20080227.fc9.i386
Comment 1 Daniel Walsh 2008-03-03 13:02:14 EST
Please attach the audit.log
Comment 2 Zack Cerza 2008-03-03 13:10:16 EST
Created attachment 296649 [details]
audit.log
Comment 3 Daniel Walsh 2008-03-17 15:31:15 EDT
We have turned off the X SELinux for now.  The problem is the rules do not get
installed if you are in enforcing mode but if you boot in permissive mode and
then turn on enforcing mode, the rules will get loaded and enforced.

Comment 4 Bug Zapper 2008-05-14 01:44:33 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.