Description of problem: Repeated complaints that "SELinux is preventing Xorg (xdm_xserver_t) "compute_av" to <Unknown> (security_t)." Version-Release number of selected component (if applicable): selinux-policy-targeted-3.3.1-12.fc9 How reproducible: Frequently. Steps to Reproduce: 1. Log in to GNOME session. 2. Launch epiphany or perform similar action. Actual results: setroubleshoot applet comes up with an alert bubble. Expected results: Nothing. Additional info: Summary SELinux is preventing Xorg (xdm_xserver_t) "compute_create" to <Unknown> (security_t). Detailed Description SELinux denied access requested by Xorg. It is not expected that this access is required by Xorg and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 Target Context: system_u:object_r:security_t:s0 Target Objects: None [ security ] Source: Xorg Source Path: /usr/bin/Xorg Port: <Unknown> Host: fedora Source RPM Packages: xorg-x11-server-Xorg-1.4.99.901-1.20080307.fc9 Target RPM Packages: Policy RPM: selinux-policy-3.3.1-12.fc9 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Permissive Plugin Name: catchall Host Name: fedora Platform: Linux fedora 2.6.25-0.107.rc5.fc9 #1 SMP Tue Mar 11 08:07:35 EDT 2008 x86_64 x86_64 Alert Count: 2 First Seen: Wed 12 Mar 2008 04:22:15 PM CET Last Seen: Wed 12 Mar 2008 04:25:03 PM CET Local ID: 568d8c72-2b35-4b4b-9fa7-883746dc4f71 Line Numbers: Raw Audit Messages :host=fedora type=AVC msg=audit(1205335503.1:221): avc: denied { compute_create } for pid=2407 comm="Xorg" scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security host=fedora type=SYSCALL msg=audit(1205335503.1:221): arch=c000003e syscall=1 success=yes exit=78 a0=36 a1=25aca70 a2=4e a3=0 items=0 ppid=2406 pid=2407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)
We have turned off xselinux by default in Rawhide/FC9 Beta. You need to boot in enforcing mode to make it work correctly.