On Thu, Feb 28, 2008 at 10:14 AM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tom London wrote:
On Thu, Feb 28, 2008 at 7:41 AM, Tom London selinux@gmail.com wrote:
After applying today's selinux-policy* packages, gnome/gdm login fails: gdmgreeter runs, but X quickly dies after enter password and you're back to the greeter.
Booting up in permissive lets me log in.
Here are the borkages:
#============= mono_t ============== allow mono_t xdm_xserver_t:x_device read;
#============= unconfined_execmem_t ============== allow unconfined_execmem_t xdm_xserver_t:x_device read;
#============= unconfined_t ============== allow unconfined_t mono_t:x_resource write; allow unconfined_t unconfined_execmem_t:x_resource { write read }; allow unconfined_t unlabeled_t:x_drawable { destroy getattr }; [root@localhost ~]#
I attach complete log file.
This something to do with new X keyboard confinement stuff?
tom
Tom London
Reverting to selinux-policy-3.3.1-4.fc9.noarch fixes.....
tom
What does the unlabeled_t x_drawable avc look like?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfG+hkACgkQrlYvE4MpobMYBQCdE5YwQGLw46SEAcUSzN2SK5L1 jc4An0hyMOX039jru5aKdJGMjiHyesJp =IW9S -----END PGP SIGNATURE-----
I attached the log file with the AVCs in the original message:
type=USER_AVC msg=audit(1204212866.270:29): user pid=2907 uid=0 auid=4294967295 subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 msg='avc: denied null for request=GLX:MakeCurrent comm=compiz resid=b0 restype=WINDOW scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:x_rootwindow_t:s0 tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?, terminal=?)'
I am running compiz, and it sort of looked like DRM was failing in Xorg.0.log.
Could that be an issue?