Tutorial on setting up SELinux / X Server
Daniel J Walsh
dwalsh at redhat.com
Fri Dec 18 15:09:04 UTC 2009
On 12/04/2009 05:51 PM, Eamon Walsh wrote:
> On 12/04/2009 10:59 AM, Tyler Durvik wrote:
>> I turned on the boolean:
>>
>> setsebool -P xserver_object_manager on
>>
>> and now I get the following in my Xorg.0.log file:
>>
>> SELinux: Invalid object class mapping, disabling SELinux support.
>>
>> Should I try the latest policy from oss.tresys.com? Would the
>> upstream reference policy fix this error?
>>
>> Thanks,
>> Mark
>>
>>
>
> OK, that error is because the x_pointer and x_keyboard object classes
> haven't made it into F-12 policy yet.
>
> You could try the upstream policy. I'd recommend sticking with the
> Fedora policy though, because I'm getting AVC's from upstream (at least
> on rawhide) and upstream is not tuned for Fedora. If you do compile
> from upstream make sure to set the "init_upstart" boolean to true or
> everything gets out of whack at boot time.
>
> If you're willing to rebuild the F-12 policy, you can add the attached
> patch which will fix the error above and allow the SELinux extension to
> run. As soon as I can get the rest of the new X policy ported I'll send
> it to Dan.
>
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Latest XServer policy will be in selinux-policy-3.7.4-7.fc13.noarch
More information about the fedora-selinux-list
mailing list