xfs socket startup fails with strict policy

Richard Hally rhally at mindspring.com
Fri Aug 27 05:07:01 UTC 2004


Leonard den Ottolander wrote:

>Hi Richard,
>
>On Thu, 2004-08-26 at 23:12, Richard Hally wrote:
>
>>Looks like the correction needs to be made in the X startup script.
>
>By the way, can one work around this by enabling tcp sockets for xfs? Or
>is there a one line patch that makes the startup script tag that
>directory correctly?
>
>Leonard.
>
Below is part of the previous thread "SELinux stops new X11" (I'd give
you a URL but the list archive is down at this time).
There may be changes to the strict policy from Russell Coker as well.
Richard Hally

On Thu, 2004-08-19 at 19:10, Richard Hally wrote:

>> The new xorg-X11 (6.7.99.902-1) will not start with the current strict
>> SELinux policy (1.15.16-1) in enforcing mode. (xorg-x11-*6.7.0-7.2 works
>> just fine). I have not tried permissive mode.
>> It looks like something has changed in X11 that has to do with the
>> fonts and the SE policy has not been updated to handle it but that is
>> just speculation.

I applied the patch below to my /etc/init.d/xfs to fix.  This patch
restores the type on /tmp/.font-unix when it is re-created by
/etc/init.d/xfs.  I assume that previously xfs was directly creating the
directory itself, so that the file_type_auto_trans rule for xfs_t was
sufficient to label it, but since it is now being created by the init
script, it is getting a different type.

--- /etc/init.d/xfs.old	2004-08-18 14:45:54.000000000 -0400
+++ /etc/init.d/xfs	2004-08-20 07:16:01.539914488 -0400
@@ -78,6 +78,7 @@
    mkdir $FONT_UNIX_DIR
    chown root:root $FONT_UNIX_DIR
    chmod 1777 $FONT_UNIX_DIR
+   restorecon $FONT_UNIX_DIR
 
    daemon xfs -droppriv -daemon
    ret=$?
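
Review bot: the added restorecon call after chmod 1777 runs unconditionally and its exit status is never checked, so on a machine without the SELinux policy tools installed the init script reports a command-not-found error on every start, and on an enforcing machine a failed relabel goes unnoticed until xfs cannot create its socket. Suggest guarding the call with a test that restorecon is present and executable, and adding a one-line comment above it saying that the directory is now created by the init script rather than by xfs, so its type has to be restored explicitly.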

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list




