On Fri, 20 Aug 2004 09:10, Richard Hally <rhallyx@xxxxxxxxxxxxxx> wrote:
> Aug 19 17:35:13 new2 kernel: audit(1092951313.544:0): avc: denied {
> read } for pid=2995 exe=/usr/X11R6/bin/Xorg name=fb dev=hda2
> ino=1061221 scontext=system_u:system_r:xdm_xserver_t
> tcontext=system_u:object_r:device_t tclass=lnk_file

The attached policy patch xserv.diff fixes this. The other is fixed by
restorecon.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page

--- /usr/src/se/policy/macros/program/xserver_macros.te 2004-08-15 15:45:19.000000000 +1000 +++ macros/program/xserver_macros.te 2004-08-20 23:01:22.000000000 +1000 @@ -127,6 +130,9 @@ allow $1_xserver_t mtrr_device_t:file rw_file_perms; allow $1_xserver_t apm_bios_t:chr_file rw_file_perms; allow $1_xserver_t framebuf_device_t:chr_file rw_file_perms; +ifdef(`redhat', ` +allow $1_xserver_t device_t:lnk_file { getattr read }; +') allow $1_xserver_t devtty_t:chr_file rw_file_perms; allow $1_xserver_t devtty_t:lnk_file read;
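
Review bot: the added rule inside the ifdef(`redhat', ...) block grants { getattr read } on device_t:lnk_file, but the denial quoted in this thread shows only read being denied, and the adjacent devtty_t:lnk_file rule grants read alone. The rule is also keyed on the type device_t rather than on the fb link named in the denial, so it applies to every symlink labelled device_t. Either drop getattr if nothing requires it, or add a one-line comment above the allow rule stating that it exists for the fb symlink and why getattr is needed, so the wider grant is documented in the macro file.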