SELinux stops new X11?

[Jim Cornette]

Stephen Smalley wrote:

>On Thu, 2004-08-19 at 19:10, Richard Hally wrote:
>  
>
>>The new xorg-X11(6.7.99.902-1) will not start with the current strict 
>>SELinux policy(1.15.16-1) in enforcing mode. (xorg-x11-*6.7.0-7.2 works 
>>just fine). I have not tried permissive mode.
>> It looks like something has changed in X11 that has to do with the 
>>fonts and the SE policy has not been  updated to  handle it but that is 
>>just speculation.
>>    
>>
>
>I applied the patch below to my /etc/init.d/xfs to fix.  This patch
>restores the type on /tmp/.font-unix when it is re-created by
>/etc/init.d/xfs.  I assume that previously xfs was directly creating the
>directory itself, so that the file_type_auto_trans rule for xfs_t was
>sufficient to label it, but since it is now being created by the init
>script, it is getting a different type.
>
>--- /etc/init.d/xfs.old	2004-08-18 14:45:54.000000000 -0400
>+++ /etc/init.d/xfs	2004-08-20 07:16:01.539914488 -0400
>@@ -78,6 +78,7 @@
>    mkdir $FONT_UNIX_DIR
>    chown root:root $FONT_UNIX_DIR
>    chmod 1777 $FONT_UNIX_DIR
>+   restorecon $FONT_UNIX_DIR
> 
>    daemon xfs -droppriv -daemon
>    ret=$?
>
>  
>
with 903-1, I was getting the below errors and am running targeted and 
enforcing. I noted these in /var/log/messages when trying to track down 
another problem. I don't know if this is applicable or not to the 
problem described.

Jim

/var/log/messages displays the below xfs errors regarding the speedo font.

Aug 29 13:34:22 localhost xfs[3371]: ignoring font path element
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)
Aug 29 14:27:32 localhost xfs[3371]: ignoring font path element
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)
Aug 29 16:00:00 localhost xfs[3595]: ignoring font path element
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)
Aug 29 16:14:59 localhost xfs[3154]: ignoring font path element
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)



-- 
Old age is too high a price to pay for maturity.