Re: usbfs, updpwd_t, gdm (xdm_t) avcs with today's rawhide

On Dec 1, 2007 4:19 PM, Tom London <selinux@xxxxxxxxx> wrote:
> Today's gdm is finally runnable for me, and with gcc-4.1.2-33, I can
> compile newest kernel (2.6.24-0.61.rc3.git5.local.fc9).
>
> However, a bunch of AVCs:
>
> #============= mount_t ==============
> allow mount_t usbfs_t:dir { read ioctl };
>
> #============= updpwd_t ==============
> allow updpwd_t tty_device_t:chr_file { read write };
>
> #============= xdm_t ==============
> allow xdm_t gconfd_exec_t:file { read execute execute_no_trans };
> allow xdm_t inotifyfs_t:dir getattr;
> allow xdm_t self:netlink_selinux_socket { read bind create };
> allow xdm_t system_dbusd_exec_t:file { read execute execute_no_trans };
> allow xdm_t system_dbusd_t:dbus acquire_svc;
> allow xdm_t var_lib_t:file { rename unlink append };
> allow xdm_t var_log_t:file write;
>
> The mount_t/usbfs_t ones come early in boot.
>
> Without adding rules for the xdm_t ones (at least some of them),
> graphical login fails with 'X respawn too fast' messages.
>
> I attach the AVCs from /var/log/messages and /var/log/audit/audit.log
>
I found a few more AVCs generated during graphical login:

#============= pam_t ==============
allow pam_t user_home_t:file { read getattr ioctl append };

#============= xdm_dbusd_t ==============
allow xdm_dbusd_t xdm_var_lib_t:dir search;

/var/log/audit/audit.log attached.

tom
-- 
Tom London

Attachment: log5
Description: Binary data

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
