On Dec 1, 2007 4:19 PM, Tom London <selinux@xxxxxxxxx> wrote:
> Today's gdm is finally runnable for me, and with gcc-4.1.2-33, I can
> compile newest kernel (2.6.24-0.61.rc3.git5.local.fc9).
>
> However, a bunch of AVCs:
>
> #============= mount_t ==============
> allow mount_t usbfs_t:dir { read ioctl };
>
> #============= updpwd_t ==============
> allow updpwd_t tty_device_t:chr_file { read write };
>
> #============= xdm_t ==============
> allow xdm_t gconfd_exec_t:file { read execute execute_no_trans };
> allow xdm_t inotifyfs_t:dir getattr;
> allow xdm_t self:netlink_selinux_socket { read bind create };
> allow xdm_t system_dbusd_exec_t:file { read execute execute_no_trans };
> allow xdm_t system_dbusd_t:dbus acquire_svc;
> allow xdm_t var_lib_t:file { rename unlink append };
> allow xdm_t var_log_t:file write;
>
> The mount_t/usbfs_t ones come early in boot.
>
> Without adding rules for the xdm_t ones (at least some of them),
> graphical login fails with 'X respawn too fast' messages.
>
> I attach the AVCs from /var/log/messages and /var/log/audit/audit.log
>

I found a few more AVCs generated during graphical login:

#============= pam_t ==============
allow pam_t user_home_t:file { read getattr ioctl append };

#============= xdm_dbusd_t ==============
allow xdm_dbusd_t xdm_var_lib_t:dir search;

/var/log/audit/audit.log attached.

tom
--
Tom London
Attachment:
log5
Description: Binary data
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
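
A review pass over the allow rules listed in this message, as an added example that is not part of the original post: it parses the audit2allow-style lines and flags the rules that grant execute_no_trans or that target a generic type. The GENERIC_TYPES set, the function names and the wording of the review reasons are assumptions made for this example.

```python
import re
from collections import defaultdict
# The allow rules from the message above (audit2allow-style output).
RULES = """
#============= mount_t ==============
allow mount_t usbfs_t:dir { read ioctl };
#============= updpwd_t ==============
allow updpwd_t tty_device_t:chr_file { read write };
#============= xdm_t ==============
allow xdm_t gconfd_exec_t:file { read execute execute_no_trans };
allow xdm_t inotifyfs_t:dir getattr;
allow xdm_t self:netlink_selinux_socket { read bind create };
allow xdm_t system_dbusd_exec_t:file { read execute execute_no_trans };
allow xdm_t system_dbusd_t:dbus acquire_svc;
allow xdm_t var_lib_t:file { rename unlink append };
allow xdm_t var_log_t:file write;
#============= pam_t ==============
allow pam_t user_home_t:file { read getattr ioctl append };
#============= xdm_dbusd_t ==============
allow xdm_dbusd_t xdm_var_lib_t:dir search;
"""
# Matches both "perm;" and "{ perm perm };" forms; '#=====' headers never match.
RULE_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$", re.M)
# Assumption for this example: types treated as generic (shared by many programs).
GENERIC_TYPES = {"var_lib_t", "var_log_t", "user_home_t", "tty_device_t"}

def parse_rules(text):
    """Return (source, target, class, perms) tuples; 'self' resolves to the source."""
    rules = []
    for m in RULE_RE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        perms = frozenset((braced or single).split())
        rules.append((src, src if tgt == "self" else tgt, cls, perms))
    return rules

def review(rules):
    """Group by source domain the rules worth a closer look before loading them."""
    flagged = defaultdict(list)
    for src, tgt, cls, perms in rules:
        reasons = []
        if "execute_no_trans" in perms:
            reasons.append(f"{tgt} would run inside {src} with no domain transition")
        if tgt in GENERIC_TYPES:
            reasons.append(f"{tgt} is a generic type; a dedicated label is narrower")
        if reasons:
            flagged[src].append((tgt, cls, sorted(perms), reasons))
    return dict(flagged)

if __name__ == "__main__":
    for domain, items in review(parse_rules(RULES)).items():
        print(domain, *items, sep="\n  ")
```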