New F10 X AVC
Joe Nall
joe at nall.com
Fri Jan 9 16:52:28 UTC 2009
On Jan 7, 2009, at 10:34 PM, Joe Nall wrote:
> Any clue what is going on with this AVC? This is is a local variant
> of selinux-policy-mls-3.5.13-125. xterms and our non-gtk apps do not
> generate this AVC. It is fatal to the apps that experience it. New
> in F10.
Follow up: I can get around this by disabling RANDR and XINERAMA
joe
> node=fast type=USER_AVC msg=audit(1231388602.219:4379667): user
> pid=3917 uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:xdm_xserver_t:s0-s15:c0.c1023 msg='avc:
> denied { write } for request=RANDR:SelectInput comm=/usr/lib64/
> firefox-3.0.5/firefox resid=78 restype=WINDOW
> scontext=user_u:user_r:user_t:s6:c0.c511
> tcontext=system_u:object_r:xdm_rootwindow_t:s0-s15:c0.c1023
> tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?,
> addr=?, terminal=?)'
> node=fast type=USER_AVC msg=audit(1231388632.992:4379857): user
> pid=3917 uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:xdm_xserver_t:s0-s15:c0.c1023 msg='avc:
> denied { write } for request=RANDR:SelectInput comm=/usr/bin/gnome-
> terminal resid=78 restype=WINDOW
> scontext=user_u:user_r:user_t:s4:c0,c2,c11,c200.c511
> tcontext=system_u:object_r:xdm_rootwindow_t:s0-s15:c0.c1023
> tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?,
> addr=?, terminal=?)'
>
More information about the fedora-selinux-list
mailing list