Bug 435745 - Various denials from xdm_xserver_t to security_t
Summary: Various denials from xdm_xserver_t to security_t
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-03 17:38 UTC by Zack Cerza
Modified: 2008-07-02 19:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-02 19:43:14 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
audit.log (3.63 MB, text/plain)
2008-03-03 18:10 UTC, Zack Cerza
no flags Details

Description Zack Cerza 2008-03-03 17:38:49 UTC
Description of problem:
I'm seeing lots and lots of avc denials while running X. They all seem to be
from source context xdm_xserver_t and target security_t.

If you want me to include all the messages, I can, but summarizing them might be
enough. It's being denied "read write", "compute_av", "compute_create",
"check_context", and "read" and "write" separately.

Additionally, I'm running in Permissive mode. If I enable Enforcing during a
session, very bad things happen.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-9.fc9.noarch
xorg-x11-server-Xorg-1.4.99.1-0.26.20080227.fc9.i386

Comment 1 Daniel Walsh 2008-03-03 18:02:14 UTC
Please attach the audit.log

Comment 2 Zack Cerza 2008-03-03 18:10:16 UTC
Created attachment 296649 [details]
audit.log

Comment 3 Daniel Walsh 2008-03-17 19:31:15 UTC
We have turned off the X SELinux for now.  The problem is the rules do not get
installed if you are in enforcing mode but if you boot in permissive mode and
then turn on enforcing mode, the rules will get loaded and enforced.



Comment 4 Bug Zapper 2008-05-14 05:44:33 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping


Note You need to log in before you can comment on or make changes to this bug.