fedora-selinux February 2008 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: gnome login broken.... "null" avcs

Re: gnome login broken.... "null" avcs...

From: Tom London <selinux_at_nospam>
Date: Thu Feb 28 2008 - 18:45:42 GMT
To: "Daniel J Walsh" <dwalsh@redhat.com>


On Thu, Feb 28, 2008 at 10:14 AM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tom London wrote:
>
>
> > On Thu, Feb 28, 2008 at 7:41 AM, Tom London <selinux@gmail.com> wrote:
> >> After applying today's selinux-policy* packages, gnome/gdm login
> >> fails: gdmgreeter runs, but X quickly dies after enter password and
> >> you're back to the greeter.
> >>
> >> Booting up in permissive lets me log in.
> >>
> >> Here are the borkages:
> >>
> >>
> >> #============= mono_t ==============
> >> allow mono_t xdm_xserver_t:x_device read;
> >>
> >> #============= unconfined_execmem_t ==============
> >> allow unconfined_execmem_t xdm_xserver_t:x_device read;
> >>
> >> #============= unconfined_t ==============
> >> allow unconfined_t mono_t:x_resource write;
> >> allow unconfined_t unconfined_execmem_t:x_resource { write read };
> >> allow unconfined_t unlabeled_t:x_drawable { destroy getattr };
> >> [root@localhost ~]#
> >>
> >> I attach complete log file.
> >>
> >> This something to do with new X keyboard confinement stuff?
> >>
> >> tom
> >> --
> >> Tom London
> >>
> >
> > Reverting to selinux-policy-3.3.1-4.fc9.noarch fixes.....
> >
> > tom
> What does the unlabeled_t x_drawable avc look like?
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkfG+hkACgkQrlYvE4MpobMYBQCdE5YwQGLw46SEAcUSzN2SK5L1
> jc4An0hyMOX039jru5aKdJGMjiHyesJp
> =IW9S
> -----END PGP SIGNATURE-----
>

I attached the log file with the AVCs in the original message:

type=USER_AVC msg=audit(1204212866.270:29): user pid=2907 uid=0 auid=4294967295 subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 msg='avc: denied null for request=GLX:MakeCurrent comm=compiz resid=b0 restype=WINDOW
scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:x_rootwindow_t:s0 tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?, terminal=?)'

I am running compiz, and it sort of looked like DRM was failing in Xorg.0.log.

Could that be an issue? -- Tom London -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list