I turned on the boolean: setsebool -P xserver_object_manager on and now I get the following in my Xorg.0.log file: SELinux: Invalid object class mapping, disabling SELinux support. Should I try the latest policy from oss.tresys.com? Would the upstream reference policy fix this error? Thanks, Mark On Thu, Dec 3, 2009 at 10:07 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote: > On 12/02/2009 10:22 PM, Tyler Durvik wrote: >> Greetings, >> >> I am looking for a tutorial, or instructions, on how to set up an X >> Server to work with SELinux. I have fedora 12 installed and ready to >> go. Does anyone have links/pages to where I may find this >> information? >> >> Thanks >> > > > Turn on the xserver_object_manager boolean and restart X, as described > by Dominick. AVC's generated by X will go in Xorg.0.log as well as > audit.log (as type "USER_AVC"). > > The current X policy in F12 probably will generate AVC's on a full > desktop session. There is a much improved X policy upstream that is not > in F12 yet. I will bug Dan to ship it in his next update. > > If you want to run the X server in permissive mode but keep the rest of > the system enforcing put the following in xorg.conf: > > Section "Module" > SubSection "extmod" > Option "SELinux mode permissive" > EndSubSection > EndSection > > > > > -- > > Eamon Walsh > National Security Agency > > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
