Tutorial on setting up SELinux / X Server
Tyler Durvik
phangbyte at gmail.com
Fri Dec 4 15:59:29 UTC 2009
I turned on the boolean:
setsebool -P xserver_object_manager on
and now I get the following in my Xorg.0.log file:
SELinux: Invalid object class mapping, disabling SELinux support.
Should I try the latest policy from oss.tresys.com? Would the
upstream reference policy fix this error?
Thanks,
Mark
On Thu, Dec 3, 2009 at 10:07 PM, Eamon Walsh <ewalsh at tycho.nsa.gov> wrote:
> On 12/02/2009 10:22 PM, Tyler Durvik wrote:
>> Greetings,
>>
>> I am looking for a tutorial, or instructions, on how to set up an X
>> Server to work with SELinux. I have Fedora 12 installed and ready to
>> go. Does anyone have links/pages to where I may find this
>> information?
>>
>> Thanks
>>
>
>
> Turn on the xserver_object_manager boolean and restart X, as described
> by Dominick. AVC's generated by X will go in Xorg.0.log as well as
> audit.log (as type "USER_AVC").
>
> The current X policy in F12 probably will generate AVC's on a full
> desktop session. There is a much improved X policy upstream that is not
> in F12 yet. I will bug Dan to ship it in his next update.
>
> If you want to run the X server in permissive mode but keep the rest of
> the system enforcing, put the following in xorg.conf:
>
> Section "Module"
>     SubSection "extmod"
>         Option "SELinux mode permissive"
>     EndSubSection
> EndSection
>
>
>
>
> --
>
> Eamon Walsh
> National Security Agency
>
>
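
Added example, not part of the original thread or written by its participants: a Python sketch of the check described above, looking for the "disabling SELinux support" line in Xorg.0.log and tallying X server USER_AVC denials from audit.log. The sample log lines are constructed, and the record layout they follow is an assumption.

```python
import re
from collections import Counter

# Message quoted from Xorg.0.log in the thread above.
DISABLED_MSG = "SELinux: Invalid object class mapping, disabling SELinux support."

# Matches the avc payload carried in a USER_AVC record's msg='...' field.
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed sample input (field layout is an assumption, values are made up).
SAMPLE_XORG_LOG = "(II) constructed line\n" + DISABLED_MSG + "\n"
SAMPLE_AUDIT_LOG = """\
type=USER_AVC msg=audit(1259942369.101:71): user pid=1450 uid=0 subj=system_u:system_r:xserver_t:s0 msg='avc:  denied  { read } for request=X11:GetProperty comm=/usr/bin/xterm scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:xproperty_t:s0 tclass=x_property : exe="/usr/bin/Xorg"'
type=USER_AVC msg=audit(1259942369.150:72): user pid=1450 uid=0 subj=system_u:system_r:xserver_t:s0 msg='avc:  denied  { create write } for request=X11:CreateWindow comm=/usr/bin/xterm scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:unconfined_t:s0 tclass=x_drawable : exe="/usr/bin/Xorg"'
type=USER_AVC msg=audit(1259942370.220:73): user pid=900 uid=81 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for msgtype=method_call scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=dbus : exe="/bin/dbus-daemon"'
type=AVC msg=audit(1259942371.330:74): avc:  denied  { getattr } for pid=1500 comm="ls" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

def xselinux_disabled(xorg_log_text):
    """True if the X server logged that it turned its SELinux support off."""
    return any(DISABLED_MSG in line for line in xorg_log_text.splitlines())

def x_denials(audit_log_text):
    """Count denied (source type, object class, permission) in X USER_AVC records."""
    counts = Counter()
    for line in audit_log_text.splitlines():
        if not line.startswith("type=USER_AVC "):
            continue  # kernel AVCs and other record types are not from X
        m = AVC_RE.search(line)
        if not m or m.group("result") != "denied":
            continue
        if not m.group("tclass").startswith("x_"):
            continue  # USER_AVC from another userspace object manager, e.g. dbus
        stype = m.group("scontext").split(":")[2]
        for perm in m.group("perms").split():
            counts[(stype, m.group("tclass"), perm)] += 1
    return counts

if __name__ == "__main__":
    print("X SELinux support disabled:", xselinux_disabled(SAMPLE_XORG_LOG))
    for key, n in sorted(x_denials(SAMPLE_AUDIT_LOG).items()):
        print(n, *key)
```

If `xselinux_disabled` returns true, the X server is not enforcing or logging anything, so an empty denial tally in that case does not mean the policy is clean.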
More information about the fedora-selinux-list
mailing list