New F10 X AVC

[Joe Nall]

On Jan 10, 2009, at 5:36 AM, zoroufi wrote:

>
> Did you make Fedora 10 enforcing in MLS policy?

Yes, with a modified policy and using openbox instead of gnome.

joe

>
> Didn't you encounter the X windows problem like previous releases of  
> Fedora(
> i.e. Fedora 9 or earlier)?
>
>
> Joe Nall wrote:
>>
>> Any clue what is going on with this AVC? This is is a local variant  
>> of
>> selinux-policy-mls-3.5.13-125. xterms and our non-gtk apps do not
>> generate this AVC. It is fatal to the apps that experience it. New in
>> F10.
>>
>> joe
>>
>>
>> node=fast type=USER_AVC msg=audit(1231388602.219:4379667): user
>> pid=3917 uid=0 auid=4294967295 ses=4294967295
>> subj=system_u:system_r:xdm_xserver_t:s0-s15:c0.c1023 msg='avc:
>> denied  { write } for request=RANDR:SelectInput comm=/usr/lib64/
>> firefox-3.0.5/firefox resid=78 restype=WINDOW
>> scontext=user_u:user_r:user_t:s6:c0.c511
>> tcontext=system_u:object_r:xdm_rootwindow_t:s0-s15:c0.c1023
>> tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?,
>> terminal=?)'
>> node=fast type=USER_AVC msg=audit(1231388632.992:4379857): user
>> pid=3917 uid=0 auid=4294967295 ses=4294967295
>> subj=system_u:system_r:xdm_xserver_t:s0-s15:c0.c1023 msg='avc:
>> denied  { write } for request=RANDR:SelectInput comm=/usr/bin/gnome-
>> terminal resid=78 restype=WINDOW
>> scontext=user_u:user_r:user_t:s4:c0,c2,c11,c200.c511
>> tcontext=system_u:object_r:xdm_rootwindow_t:s0-s15:c0.c1023
>> tclass=x_drawable : exe="/usr/bin/Xorg" (sauid=0, hostname=?, addr=?,
>> terminal=?)'
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/New-F10-X-AVC-tp21345740p21387191.html
> Sent from the Fedora SELinux List mailing list archive at Nabble.com.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list