policy rules for use as Xterminal

Herald van der Breggen herald at breggen.xs4all.nl
Mon Apr 12 10:36:41 UTC 2004


Hello,

I just installed FC2 on my laptop and changed /etc/inittab for use as
Xterminal:

removed the line
#x:5:respawn:/etc/X11/prefdm -nodaemon

added the line
x:5:respawn:/usr/X11R6/bin/X -query 192.168.1.12

The current policy files don't allow init to start X (which is a symlink
to XFree in the same directory).

avc:  denied  { execute } for  pid=3058 exe=/sbin/init name=XFree86
dev=hda5 ino=395703 scontext=system_u:system_r:init_t
tcontext=system_u:object_r:policy_config_t tclass=file

Question one: should the default set of policy rules not allow this?

Question two: what is the best way to allow init to start the X
server? I am new to selinux and have trouble finding my way. I struggled
with the newrules.pl script (which did not seem to be the right way to
solve this problem) and tried rules like

can_exec(init_t, xserver_exec_t);
can_exec(init_t, xserver_log_t);

which are not enough (still: avc:  denied  { search } for  pid=5116
exe=/usr/X11R6/bin/XFree86 name=tmp dev=hda5 ino=273633
scontext=system_u:system_r:init_t tcontext=system_u:object_r:tmp_t
tclass=dir).

Any help is appreciated!
Herald
-- 
Herald van der Breggen <herald at breggen.xs4all.nl>
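
Added example, not part of the original post: a short Python parser run over the two denial records quoted in the message, listing the source type, target type, class and permission of each and checking whether the target type is one named in the can_exec() lines the poster tried. The function names and the TRIED_TARGETS set are illustrative; the comparison is on type names only and does not model what the can_exec macro grants.

```python
import re

# The two denial records quoted in the post, re-joined onto single lines.
AVC_LOG = """\
avc:  denied  { execute } for  pid=3058 exe=/sbin/init name=XFree86 dev=hda5 ino=395703 scontext=system_u:system_r:init_t tcontext=system_u:object_r:policy_config_t tclass=file
avc:  denied  { search } for  pid=5116 exe=/usr/X11R6/bin/XFree86 name=tmp dev=hda5 ino=273633 scontext=system_u:system_r:init_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

# Target types named in the can_exec() lines from the post (source is init_t in both).
TRIED_TARGETS = {"xserver_exec_t", "xserver_log_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one 'avc: denied' record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: not enough to identify the denied access
    return {
        "perms": m.group(1).split(),
        # A context is user:role:type[:level]; the type is the third field.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "name": fields.get("name"),
        "exe": fields.get("exe"),
    }

def summarize(log, tried_targets):
    """Parse every denial and mark whether its target type is named in the tried rules."""
    rows = []
    for line in log.splitlines():
        d = parse_avc(line)
        if d:
            d["target_in_tried_rules"] = d["target"] in tried_targets
            rows.append(d)
    return rows

if __name__ == "__main__":
    for d in summarize(AVC_LOG, TRIED_TARGETS):
        print(f'{d["source"]} -> {d["target"]}:{d["tclass"]} {{ {" ".join(d["perms"])} }} '
              f'name={d["name"]} exe={d["exe"]} in_tried_rules={d["target_in_tried_rules"]}')
```
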




More information about the fedora-selinux-list mailing list