First Last Prev Next    This bug is not in your last search results.
Bug 436820 - too many AVC denials to make individuals bugs to
too many AVC denials to make individuals bugs to
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-10 13:21 EDT by Matěj Cepl
Modified: 2008-03-10 14:44 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-10 14:44:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
/var/log/audit/audit.log (3.37 MB, text/plain)
2008-03-10 13:21 EDT, Matěj Cepl 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Matěj Cepl 2008-03-10 13:21:16 EDT 
Description of problem:
I have tried to run current Rawhide with SELinux enforcing and X crashes pretty
much everytime after no more than half an hour (now it is almost instant). When
reparsing /var/log/audit with sealert (file/scan logfile) I got A LOT of
different AVC denials.

So, although the primary reason why I have now problems with SELinux is that it
apparently crashes X (bug 436819).

Version-Release number of selected component (if applicable):
[matej@hubmaier ~]$ rpm -qa xorg-x11\*server\*
xorg-x11-server-debuginfo-1.4.99.1-0.23.20080222.fc9.x86_64
xorg-x11-server-common-1.4.99.901-1.20080307.fc9.x86_64
xorg-x11-server-Xorg-1.4.99.901-1.20080307.fc9.x86_64
xorg-x11-server-utils-7.3-3.fc9.x86_64
[matej@hubmaier ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-3.3.1-12.fc9.noarch
Comment 1 Matěj Cepl 2008-03-10 13:21:17 EDT 
Created attachment 297468 [details]
/var/log/audit/audit.log
Comment 2 Matěj Cepl 2008-03-10 13:22:54 EDT 
needless to say is that I have pretty freshly relabelled hard disk.
Comment 3 Daniel Walsh 2008-03-10 14:44:44 EDT 
Most of these AVC's are related to XWindows policy, which is really in it's
infancy.  Although it should not have crashed your xserver.

The only XServer AVC's I see are related to nsplugin.

I am updating policy tonight and I think the next version of xserver will remove
the ability to run xserver as an SELInux policy manager by default.

Fixed in selinux-policy-3.3.1-13.fc9
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.