gnome login broken.... "null" avcs...
Tom London
selinux at gmail.com
Thu Feb 28 18:45:42 UTC 2008
On Thu, Feb 28, 2008 at 10:14 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tom London wrote:
>
>
> > On Thu, Feb 28, 2008 at 7:41 AM, Tom London <selinux at gmail.com> wrote:
> >> After applying today's selinux-policy* packages, gnome/gdm login
> >> fails: gdmgreeter runs, but X quickly dies after enter password and
> >> you're back to the greeter.
> >>
> >> Booting up in permissive lets me log in.
> >>
> >> Here are the borkages:
> >>
> >>
> >> #============= mono_t ==============
> >> allow mono_t xdm_xserver_t:x_device read;
> >>
> >> #============= unconfined_execmem_t ==============
> >> allow unconfined_execmem_t xdm_xserver_t:x_device read;
> >>
> >> #============= unconfined_t ==============
> >> allow unconfined_t mono_t:x_resource write;
> >> allow unconfined_t unconfined_execmem_t:x_resource { write read };
> >> allow unconfined_t unlabeled_t:x_drawable { destroy getattr };
> >> [root at localhost ~]#
> >>
> >> I attach complete log file.
> >>
> >> This something to do with new X keyboard confinement stuff?
> >>
> >> tom
> >> --
> >> Tom London
> >>
> >
> > Reverting to selinux-policy-3.3.1-4.fc9.noarch fixes.....
> >
> > tom
> What does the unlabeled_t x_drawable avc look like?
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkfG+hkACgkQrlYvE4MpobMYBQCdE5YwQGLw46SEAcUSzN2SK5L1
> jc4An0hyMOX039jru5aKdJGMjiHyesJp
> =IW9S
> -----END PGP SIGNATURE-----
>
I attached the log file with the AVCs in the original message:
type=USER_AVC msg=audit(1204212866.270:29): user pid=2907 uid=0
auid=4294967295 subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
msg='avc: denied null for request=GLX:MakeCurrent comm=compiz
resid=b0 restype=WINDOW
scontext=unconfined_u:unconfined_r:unconfined_t:s0
tcontext=system_u:object_r:x_rootwindow_t:s0 tclass=x_drawable :
exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?, terminal=?)'
I am running compiz, and it sort of looked like DRM was failing in Xorg.0.log.
Could that be an issue?
--
Tom London
More information about the fedora-selinux-list
mailing list