gnome login broken.... "null" avcs...

Tom London selinux at gmail.com
Thu Feb 28 18:47:39 UTC 2008 

On Thu, Feb 28, 2008 at 10:06 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>
>
>  Tom London wrote:
>  > On Thu, Feb 28, 2008 at 7:41 AM, Tom London <selinux at gmail.com> wrote:
>  >> After applying today's selinux-policy* packages, gnome/gdm login
>  >>  fails: gdmgreeter runs, but X quickly dies after enter password and
>  >>  you're back to the greeter.
>  >>
>  >>  Booting up in permissive lets me log in.
>  >>
>  >>  Here are the borkages:
>  >>
>  >>
>  >>  #============= mono_t ==============
>  >>  allow mono_t xdm_xserver_t:x_device read;
>  >>
>  >>  #============= unconfined_execmem_t ==============
>  >>  allow unconfined_execmem_t xdm_xserver_t:x_device read;
>  >>
>  >>  #============= unconfined_t ==============
>  >>  allow unconfined_t mono_t:x_resource write;
>  >>  allow unconfined_t unconfined_execmem_t:x_resource { write read };
>  >>  allow unconfined_t unlabeled_t:x_drawable { destroy getattr };
>  >>  [root at localhost ~]#
>  >>
>  >>  I attach complete log file.
>  >>
>  >>  This something to do with new X keyboard confinement stuff?
>  >>
>  >>  tom
>  >>  --
>  >>  Tom London
>  >>
>  >
>  > Reverting to selinux-policy-3.3.1-4.fc9.noarch fixes.....
>  >
>  > tom
>  Did you have the xserver_object_manager boolean turned on?  This should
>  only have effected those machines, that were dumb^wadventuresome enough
>  to turn this on.
>  -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.8 (GNU/Linux)
>  Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
>  iEYEARECAAYFAkfG+BQACgkQrlYvE4MpobNnRQCfbNeuVabGA9dUfo9X1yBlvGKH
>  73QAnjcUlJH1Xgabj3Mbopz7rCgMMwxr
>  =+82k
>  -----END PGP SIGNATURE-----
>
Nope:

[root at localhost ~]# getsebool -a | grep xserver
allow_xserver_execmem --> on
xserver_object_manager --> off
[root at localhost ~]#

compiz/glx?  I get this in Xorg.0.log:

Backtrace:
0: /usr/bin/Xorg(xf86SigHandler+0x79) [0x80bc9a9]
1: [0x110400]
2: /usr/lib/xorg/modules/extensions//libglx.so(__glXDeassociateContext+0x19)
[0x1d73b9]
3: /usr/lib/xorg/modules/extensions//libglx.so(__glXContextDestroy+0x23)
[0x1d35b3]
4: /usr/lib/xorg/modules/extensions//libglx.so [0x20dfe8]
5: /usr/lib/xorg/modules/extensions//libglx.so(__glXFreeContext+0x89) [0x1d5c09]
6: /usr/lib/xorg/modules/extensions//libglx.so [0x1d5c57]
7: /usr/bin/Xorg(FreeClientResources+0xe6) [0x806d4e6]
8: /usr/bin/Xorg(CloseDownClient+0x1ec) [0x807f33c]
9: /usr/bin/Xorg(Dispatch+0x208) [0x8085588]
10: /usr/bin/Xorg(main+0x475) [0x806b1d5]
11: /lib/libc.so.6(__libc_start_main+0xe6) [0x444516]
12: /usr/bin/Xorg(FontFileCompleteXLFD+0x215) [0x806a5c1]




tom
-- 
Tom London

More information about the fedora-selinux-list mailing list