Bug 435745 - Various denials from xdm_xserver_t to security_t
Summary: Various denials from xdm_xserver_t to security_t
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2008-03-03 17:38 UTC by Zack Cerza
Modified: 2008-07-02 19:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-02 19:43:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
audit.log (3.63 MB, text/plain)
2008-03-03 18:10 UTC, Zack Cerza
no flags Details

Description Zack Cerza 2008-03-03 17:38:49 UTC
Description of problem:
I'm seeing lots and lots of avc denials while running X. They all seem to be
from source context xdm_xserver_t and target security_t.

If you want me to include all the messages, I can, but summarizing them might be
enough. It's being denied "read write", "compute_av", "compute_create",
"check_context", and "read" and "write" separately.

Additionally, I'm running in Permissive mode. If I enable Enforcing during a
session, very bad things happen.

Version-Release number of selected component (if applicable):

Comment 1 Daniel Walsh 2008-03-03 18:02:14 UTC
Please attach the audit.log

Comment 2 Zack Cerza 2008-03-03 18:10:16 UTC
Created attachment 296649 [details]

Comment 3 Daniel Walsh 2008-03-17 19:31:15 UTC
We have turned off the X SELinux for now.  The problem is the rules do not get
installed if you are in enforcing mode but if you boot in permissive mode and
then turn on enforcing mode, the rules will get loaded and enforced.

Comment 4 Bug Zapper 2008-05-14 05:44:33 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:

Note You need to log in before you can comment on or make changes to this bug.