gnome login broken.... "null" avcs...

Tom London selinux at gmail.com
Thu Feb 28 18:45:42 UTC 2008


On Thu, Feb 28, 2008 at 10:14 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>  Tom London wrote:
>
>
> > On Thu, Feb 28, 2008 at 7:41 AM, Tom London <selinux at gmail.com> wrote:
>  >> After applying today's selinux-policy* packages, gnome/gdm login
>  >>  fails: gdmgreeter runs, but X quickly dies after enter password and
>  >>  you're back to the greeter.
>  >>
>  >>  Booting up in permissive lets me log in.
>  >>
>  >>  Here are the borkages:
>  >>
>  >>
>  >>  #============= mono_t ==============
>  >>  allow mono_t xdm_xserver_t:x_device read;
>  >>
>  >>  #============= unconfined_execmem_t ==============
>  >>  allow unconfined_execmem_t xdm_xserver_t:x_device read;
>  >>
>  >>  #============= unconfined_t ==============
>  >>  allow unconfined_t mono_t:x_resource write;
>  >>  allow unconfined_t unconfined_execmem_t:x_resource { write read };
>  >>  allow unconfined_t unlabeled_t:x_drawable { destroy getattr };
>  >>  [root at localhost ~]#
>  >>
>  >>  I attach complete log file.
>  >>
>  >>  This something to do with new X keyboard confinement stuff?
>  >>
>  >>  tom
>  >>  --
>  >>  Tom London
>  >>
>  >
>  > Reverting to selinux-policy-3.3.1-4.fc9.noarch fixes.....
>  >
>  > tom
>  What does the unlabeled_t x_drawable avc look like?
>
> -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.8 (GNU/Linux)
>  Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
>  iEYEARECAAYFAkfG+hkACgkQrlYvE4MpobMYBQCdE5YwQGLw46SEAcUSzN2SK5L1
>  jc4An0hyMOX039jru5aKdJGMjiHyesJp
>  =IW9S
>  -----END PGP SIGNATURE-----
>

I attached the log file with the AVCs in the original message:

type=USER_AVC msg=audit(1204212866.270:29): user pid=2907 uid=0
auid=4294967295 subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
msg='avc:  denied  null for request=GLX:MakeCurrent comm=compiz
resid=b0 restype=WINDOW
scontext=unconfined_u:unconfined_r:unconfined_t:s0
tcontext=system_u:object_r:x_rootwindow_t:s0 tclass=x_drawable :
exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?, terminal=?)'

I am running compiz, and it sort of looked like DRM was failing in Xorg.0.log.

Could that be an issue?

-- 
Tom London




More information about the fedora-selinux-list mailing list