XFree86 and SELinux on PPC
W. Michael Petullo
mike at flyn.org
Sun Apr 11 20:06:42 UTC 2004
On Sun, Apr 11, 2004 at 07:43:45AM -0500, W. Michael Petullo wrote:
> On my PowerPC-based system, x.org's server wishes to access /proc/sys/dev
> (probably for mac_hid/mouse emulation) and /proc/bus/pci. When I set
> SELinux to enforce, these operations are blocked and X does not start.
>
> Here are the relavent logs:
>
> avc: denied { search } for pid=1504 exe=/usr/X11R6/bin/XFree86 name=dev dev=
> ino=5303 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:sysctl_dev_t tclass=dir
>
> avc: denied { getattr } for pid=1504 exe=/usr/X11R6/bin/XFree86 path=/proc/bus/pci dev= ino=5458 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:proc_t tclass=dir
>
> Does x86's X server not touch these directories? I assume this policy
> works on x86. I'd be happy to throw this in bugzilla.
Adding the following to xserver_macros.te gets X to load on PowerPC:
# Access /proc/bus/pci
allow $1_xserver_t proc_t:dir { getattr read };
However, I don't know if this is the correct way to do this. I'm not
even sure exactly why X is trying to read from /proc/bus/pci.
--
Mike
:wq
More information about the fedora-test-list
mailing list