usbfs, updpwd_t, gdm (xdm_t) avcs with today's rawhide
Tom London
selinux at gmail.com
Sun Dec 2 00:19:02 UTC 2007
Today's gdm is finally runnable for me, and with gcc-4.1.2-33, I can
compile newest kernel (2.6.24-0.61.rc3.git5.local.fc9).
However, a bunch of AVCs:
#============= mount_t ==============
allow mount_t usbfs_t:dir { read ioctl };
#============= updpwd_t ==============
allow updpwd_t tty_device_t:chr_file { read write };
#============= xdm_t ==============
allow xdm_t gconfd_exec_t:file { read execute execute_no_trans };
allow xdm_t inotifyfs_t:dir getattr;
allow xdm_t self:netlink_selinux_socket { read bind create };
allow xdm_t system_dbusd_exec_t:file { read execute execute_no_trans };
allow xdm_t system_dbusd_t:dbus acquire_svc;
allow xdm_t var_lib_t:file { rename unlink append };
allow xdm_t var_log_t:file write;
The mount_t/usbfs_t ones come early in boot.
Without adding rules for the xdm_t ones (at least some of them),
graphical login fails with 'X respawn too fast' messages.
I attach the AVCs from /var/log/messages and /var/log/audit/audit.log
tom
--
Tom London
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20071201/5f3948dc/attachment.txt>
More information about the fedora-selinux-list
mailing list