Tom London wrote:
On Thu, Feb 28, 2008 at 10:06 AM, Daniel J Walsh dwalsh@redhat.com wrote:
Tom London wrote:
On Thu, Feb 28, 2008 at 7:41 AM, Tom London selinux@gmail.com wrote:
After applying today's selinux-policy* packages, gnome/gdm login fails: gdmgreeter runs, but X quickly dies after you enter the password and you're back to the greeter.
Booting up in permissive lets me log in.
Here are the borkages:
#============= mono_t ==============
allow mono_t xdm_xserver_t:x_device read;

#============= unconfined_execmem_t ==============
allow unconfined_execmem_t xdm_xserver_t:x_device read;

#============= unconfined_t ==============
allow unconfined_t mono_t:x_resource write;
allow unconfined_t unconfined_execmem_t:x_resource { write read };
allow unconfined_t unlabeled_t:x_drawable { destroy getattr };
[root@localhost ~]#
The "null" avc's are fixed in the upstream X server. This is a bad security hook call in the GLX code and affects GLX programs such as compiz.
The unlabeled AVC is the result of a mislabeled program?