SELinux stops new X11?

Richard Hally <rhallyx@xxxxxxxxxxxxxx> · Thu, 19 Aug 2004 19:10:09 -0400

The new xorg-X11(6.7.99.902-1) will not start with the current strict 
SELinux policy(1.15.16-1) in enforcing mode. (xorg-x11-*6.7.0-7.2 works 
just fine). I have not tried permissive mode.

It looks like something has changed in X11 that has to do with the 
fonts and the SE policy has not been  updated to  handle it but that is 
just speculation.

from my Xorg.0.log:
<snip>
(II) Mouse0: ps2EnableDataReporting: succeeded
Could not init font path element unix/:7100, removing from list!

Fatal server error:
could not open default font 'fixed'

Please consult the The X.Org Foundation support

        at http://wiki.X.Org

for help.

Please also check the log file at "/var/log/Xorg.0.log" for additional 
information.

  *** If unresolved symbols were reported above, they might not
  *** be the reason for the server aborting.

FatalError re-entered, aborting

Caught signal 11.  Server aborting

----------------------------------------------------------------------end 
of xorg log-----------------------------------------

From /var/log/messages:

Aug 19 17:34:53 new2 kernel: audit(1092951293.022:0): avc:  denied  { 
getattr }

for  pid=2578 exe=/usr/X11R6/bin/xfs path=/tmp/.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xfs_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir

Aug 19 17:34:53 new2 xfs[2578]: cannot establish any listening sockets

Aug 19 17:34:53 new2 xfs: xfs startup succeeded

Aug 19 17:34:53 new2 xfs[2578]: ignoring font path element 
/usr/X11R6/lib/X11/fonts/Speedo (unreadable)

Aug 19 17:35:13 new2 kernel: audit(1092951313.544:0): avc:  denied  { 
read } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:13 new2 last message repeated 2 times

Aug 19 17:35:13 new2 kernel: audit(1092951313.545:0): avc:  denied  { 
read } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:13 new2 last message repeated 4 times

Aug 19 17:35:15 new2 kernel: audit(1092951315.876:0): avc:  denied  { 
search } for  pid=2995 exe=/usr/X11R6/bin/Xorg name=.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir

Aug 19 17:35:19 new2 kernel: audit(1092951319.457:0): avc:  denied  { 
read } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:19 new2 last message repeated 3 times

Aug 19 17:35:19 new2 kernel: audit(1092951319.458:0): avc:  denied  { 
read } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:19 new2 last message repeated 3 times

Aug 19 17:35:21 new2 kernel: audit(1092951321.333:0): avc:  denied  { 
search } for  pid=3329 exe=/usr/X11R6/bin/Xorg name=.font-unix dev=hda2 
ino=1840549 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:initrc_tmp_t tclass=dir

Aug 19 17:35:21 new2 gdm[3304]: gdm_slave_xioerror_handler: Fatal X 
error - Restarting :0

Aug 19 17:35:24 new2 kernel: audit(1092951324.885:0): avc:  denied  { 
read } for  pid=3494 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:24 new2 kernel: audit(1092951324.886:0): avc:  denied  { 
read } for  pid=3494 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2 
ino=1061221 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=lnk_file

Aug 19 17:35:24 new2 last message repeated 6 times

FWIW
Richard Hally