Tutorial on setting up SELinux / X Server

Eamon Walsh ewalsh at tycho.nsa.gov
Fri Dec 4 22:51:26 UTC 2009


On 12/04/2009 10:59 AM, Tyler Durvik wrote:
> I turned on the boolean:
>
> setsebool -P xserver_object_manager on
>
> and now I get the following in my Xorg.0.log file:
>
> SELinux: Invalid object class mapping, disabling SELinux support.
>
> Should I try the latest policy from oss.tresys.com?  Would the
> upstream reference policy fix this error?
>
> Thanks,
> Mark
>
>   

OK, that error is because the x_pointer and x_keyboard object classes
haven't made it into F-12 policy yet.

You could try the upstream policy.  I'd recommend sticking with the
Fedora policy though, because I'm getting AVCs from upstream (at least
on rawhide) and upstream is not tuned for Fedora.  If you do compile
from upstream, make sure to set the "init_upstart" boolean to true or
everything gets out of whack at boot time.

If you're willing to rebuild the F-12 policy, you can add the attached
patch which will fix the error above and allow the SELinux extension to
run.  As soon as I can get the rest of the new X policy ported I'll send
it to Dan.



-- 

Eamon Walsh 
National Security Agency

-------------- next part --------------
A non-text attachment was scrubbed...
Name: policy-X1.patch
Type: text/x-patch
Size: 1398 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091204/d623aaba/attachment.bin>
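
A check for the condition described in the reply above, as an added example that is not part of the original message or of the Fedora policy: it looks for the error line in an X server log and tests whether the x_pointer and x_keyboard classes exist in the loaded policy. It assumes selinuxfs lists one directory per object class under its class/ directory; the function names, the sample log and the sample class tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: selinuxfs lists one directory per loaded object class under
# <mount>/class (mount point /selinux on older systems, /sys/fs/selinux later).

# Print, space-separated, each class named after $1 that $1 does not contain.
missing_classes() {
    class_dir=$1; shift
    out=
    for cls in "$@"; do
        [ -d "$class_dir/$cls" ] || out="$out${out:+ }$cls"
    done
    printf '%s\n' "$out"
}

# Succeed if X server log $1 records the extension disabling itself.
xselinux_disabled() {
    grep -q 'SELinux: Invalid object class mapping' "$1"
}

# Return 0: no error logged; 1: error logged and classes missing from policy;
# 2: error logged although both classes are present.
diagnose() {
    log=$1; class_dir=$2
    xselinux_disabled "$log" || { echo "no class mapping error in $log"; return 0; }
    missing=$(missing_classes "$class_dir" x_pointer x_keyboard)
    if [ -n "$missing" ]; then
        echo "X SELinux extension disabled; loaded policy lacks: $missing"
        return 1
    fi
    echo "error logged, but x_pointer and x_keyboard are defined"
    return 2
}

# Constructed sample data: a class tree without the two classes and a log
# holding the message quoted in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/class/x_drawable" "$demo/class/x_server"
echo 'SELinux: Invalid object class mapping, disabling SELinux support.' > "$demo/Xorg.0.log"
diagnose "$demo/Xorg.0.log" "$demo/class" || true
# On a live system: diagnose /var/log/Xorg.0.log /selinux/class
```

A return value of 2 means the classes are defined and the log line predates the policy rebuild or has another cause.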