SELinux stops new X11?

Richard Hally rhallyx at mindspring.com
Thu Aug 19 23:10:09 UTC 2004


The new xorg-X11 (6.7.99.902-1) will not start with the current strict 
SELinux policy (1.15.16-1) in enforcing mode. (xorg-x11-*6.7.0-7.2 works 
just fine.) I have not tried permissive mode.
It looks like something has changed in X11 that has to do with the 
fonts and the SE policy has not been updated to handle it, but that is 
just speculation.

From my Xorg.0.log:
<snip>
 (II) Mouse0: ps2EnableDataReporting: succeeded
Could not init font path element unix/:7100, removing from list!
 
Fatal server error:
could not open default font 'fixed'
 
Please consult the The X.Org Foundation support
         at http://wiki.X.Org
 for help.
Please also check the log file at "/var/log/Xorg.0.log" for additional 
information.
 
 
   *** If unresolved symbols were reported above, they might not
   *** be the reason for the server aborting.
 
FatalError re-entered, aborting
Caught signal 11.  Server aborting
---------------------------- end of xorg log ----------------------------

From /var/log/messages:

Aug 19 17:34:53 new2 kernel: audit(1092951293.022:0): avc:  denied  { 
getattr }
for  pid=2578 exe=/usr/X11R6/bin/xfs path=/tmp/.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xfs_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir
Aug 19 17:34:53 new2 xfs[2578]: cannot establish any listening sockets
Aug 19 17:34:53 new2 xfs: xfs startup succeeded
Aug 19 17:34:53 new2 xfs[2578]: ignoring font path element 
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)

Aug 19 17:35:13 new2 kernel: audit(1092951313.544:0): avc:  denied  { 
read } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:13 new2 last message repeated 2 times
Aug 19 17:35:13 new2 kernel: audit(1092951313.545:0): avc:  denied  { 
read } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:13 new2 last message repeated 4 times
Aug 19 17:35:15 new2 kernel: audit(1092951315.876:0): avc:  denied  { 
search } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir

Aug 19 17:35:19 new2 kernel: audit(1092951319.457:0): avc:  denied  { 
read } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:19 new2 last message repeated 3 times
Aug 19 17:35:19 new2 kernel: audit(1092951319.458:0): avc:  denied  { 
read } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:19 new2 last message repeated 3 times

Aug 19 17:35:21 new2 kernel: audit(1092951321.333:0): avc:  denied  { 
search } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir
Aug 19 17:35:21 new2 gdm[3304]: gdm_slave_xioerror_handler: Fatal X 
error - Restarting :0

Aug 19 17:35:24 new2 kernel: audit(1092951324.885:0): avc:  denied  { 
read } for  pid=3494 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:24 new2 kernel: audit(1092951324.886:0): avc:  denied  { 
read } for  pid=3494 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:24 new2 last message repeated 6 times

FWIW
Richard Hally
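
A triage aid for the denials quoted in the message above, added here as an example and not part of the original post: it rejoins the mail-wrapped syslog lines, folds in the "last message repeated" counts, and groups the AVC denials by source type, target type, class, permission and object. The function names are made up for this example; the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the /var/log/messages lines quoted above, still mail-wrapped.
SAMPLE = """\
Aug 19 17:34:53 new2 kernel: audit(1092951293.022:0): avc:  denied  {
getattr }
for  pid=2578 exe=/usr/X11R6/bin/xfs path=/tmp/.font-unix dev=hda2
ino=1840549 scontext=system_u:system_r:xfs_t
tcontext=system_u:object_r:initrc_tmp_t tclass=dir
Aug 19 17:35:13 new2 kernel: audit(1092951313.544:0): avc:  denied  {
read } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2
ino=1061221 scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=lnk_file
Aug 19 17:35:13 new2 last message repeated 2 times
Aug 19 17:35:15 new2 kernel: audit(1092951315.876:0): avc:  denied  {
search } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=.font-unix dev=hda2
ino=1840549 scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:initrc_tmp_t tclass=dir
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")  # syslog line start
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def unwrap(text):  # rejoin continuation lines onto their timestamped line
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):  # count per (source type, target type, class, perms, object)
    counts, last = defaultdict(int), None
    for rec in unwrap(text):
        avc, rep = AVC.search(rec), REPEAT.search(rec)
        if avc:
            f = dict(kv.split("=", 1) for kv in avc.group(2).split() if "=" in kv)
            last = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
                    f["tclass"], " ".join(avc.group(1).split()),
                    f.get("name") or f.get("path"))
            counts[last] += 1
        elif rep and last:
            counts[last] += int(rep.group(1))  # syslog collapsed identical lines
        else:
            last = None  # an unrelated line ends the run of repeats
    return dict(counts)
```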




