Tom London wrote:
On Thu, Feb 28, 2008 at 10:06 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom London wrote: > On Thu, Feb 28, 2008 at 7:41 AM, Tom London <selinux@xxxxxxxxx> wrote: >> After applying today's selinux-policy* packages, gnome/gdm login >> fails: gdmgreeter runs, but X quickly dies after enter password and >> you're back to the greeter. >> >> Booting up in permissive lets me log in. >> >> Here are the borkages: >> >> >> #============= mono_t ============== >> allow mono_t xdm_xserver_t:x_device read; >> >> #============= unconfined_execmem_t ============== >> allow unconfined_execmem_t xdm_xserver_t:x_device read; >> >> #============= unconfined_t ============== >> allow unconfined_t mono_t:x_resource write; >> allow unconfined_t unconfined_execmem_t:x_resource { write read }; >> allow unconfined_t unlabeled_t:x_drawable { destroy getattr }; >> [root@localhost ~]# >>
The "null" avc's are fixed in the upstream X server. This is a bad security hook call in the GLX code and affects GLX programs such as compiz.
The unlabeled AVC is the result of a mislabeled program? -- Eamon Walsh <ewalsh@xxxxxxxxxxxxx> National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
