SuperSavage/IXC 64 hassle making DRI and SELinux work together

Daniel J Walsh dwalsh at redhat.com
Fri Jul 29 10:13:27 UTC 2005


jfrieben at freesurf.fr wrote:

>There are many AVC entries in both files "/var/log/messages" and
>"/var/log/audit/audit.log". However, they do not seem to be related to the
>use of DRM. In particular, there is no additional entry upon call of
>"glxinfo" related to the SELinux framework, whereas there is some output to
>"/var/log/dmesg". If "SELinux" had intercepted some unauthorized
>access/action, it should at least have reported this somewhat more verbosely
>instead of simply crashing the X server in the case of "glxgears" - right?
>Here comes the snippet from "/var/log/messages" with AVC related stuff from
>the system boot procedure:
>
>"Jul 28 19:38:04 riemann kernel: audit(1122572272.500:3): avc:  denied  {
>read write } for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
>scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
>tclass=file
>Jul 28 19:38:04 riemann kernel: audit(1122572272.500:4): avc:  denied  {
>read }for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
>scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
>tclass=file
>Jul 28 19:38:04 riemann kernel: audit(1122572272.500:5): avc:  denied  {
>read write } for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
>scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
>tclass=file
>Jul 28 19:38:04 riemann kernel: audit(1122572272.500:6): avc:  denied  {
>read }for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
>scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
>tclass=file
>Jul 28 19:38:04 riemann kernel: SELinux: initialized (dev rpc_pipefs, type
>rpc_pipefs), uses genfs_contexts".
>
This looks like you have some kind of labeling problem.  utmp is labeled
init_var_run_t, it should be initrc_var_run_t.
You may want to relabel.
Have you tried to boot with enforcing=0?

Dan
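
The four denials quoted in the message above are repeats of one access. The following Python script is an added example, not part of the original mail: it parses AVC lines like those and collapses them to one entry per source type, target type and object, so the label in question stands out. The function names `parse_avc` and `summarize` are illustrative, and the sample input is two of the quoted lines rejoined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: two denials from the quoted log, unwrapped onto single
# lines (the mail client had wrapped them), plus one non-AVC kernel line.
SAMPLE_LOG = """\
Jul 28 19:38:04 riemann kernel: audit(1122572272.500:3): avc:  denied  { read write } for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t tclass=file
Jul 28 19:38:04 riemann kernel: audit(1122572272.500:4): avc:  denied  { read }for  pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t tclass=file
Jul 28 19:38:04 riemann kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
"""

# The space between "}" and "for" is optional: the log above has both forms.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s*for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None  # truncated or wrapped line, nothing reliable to report
    rec["perms"] = set(m.group(1).split())
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Merge repeated denials: one entry per (comm, stype, ttype, tclass, name)."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["comm"], rec["stype"], rec["ttype"],
               rec.get("tclass", "?"), rec.get("name", "?"))
        groups[key]["perms"] |= rec["perms"]
        groups[key]["count"] += 1
    return dict(groups)

if __name__ == "__main__":
    for (comm, st, tt, cls, name), g in summarize(SAMPLE_LOG).items():
        perms = " ".join(sorted(g["perms"]))
        print(f"{g['count']}x {comm} ({st}) -> {name} [{tt}:{cls}] {{ {perms} }}")
```

The target type printed for each entry is the label currently on the object, which is the value to compare against the type the policy expects for that file.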

More information about the fedora-devel-list mailing list