Re: SELinux and Xorg error.

On Mon, Sep 21, 2020 at 10:00 AM Zdenek Pytela <zpytela@xxxxxxxxxx> wrote:
> On Sun, Sep 20, 2020 at 11:52 AM Cătălin George Feștilă <catalinfest@xxxxxxxxx> wrote:
>>
>> After a relabel I got this, any idea?
>> [root@desk mythcat]# ausearch -c 'Xorg' --raw | audit2allow -M my-Xorg
>> libsepol.sepol_string_to_security_class: unrecognized class lockdown
>> ******************** IMPORTANT ***********************
>> To make this policy package active, execute:
>>
>> semodule -i my-Xorg.pp
>>
>> [root@desk mythcat]# semodule -X 300 -i my-Xorg.pp
>> Failed to resolve allow statement at /var/lib/selinux/mls/tmp/modules/300/my-Xorg/cil:7
>> semodule:  Failed!
>> [root@desk mythcat]# semodule -X 300 -i my-Xorg.pp
>> Failed to resolve allow statement at /var/lib/selinux/mls/tmp/modules/300/my-Xorg/cil:7
>> semodule:  Failed!
>> [root@desk mythcat]#  ausearch -c 'X' --raw | audit2allow -M my-X
>> libsepol.sepol_string_to_security_class: unrecognized class lockdown
>> ******************** IMPORTANT ***********************
>> To make this policy package active, execute:
>>
>> semodule -i my-X.pp
>>
>> [root@desk mythcat]# semodule -X 300 -i my-X.pp
>> Failed to resolve allow statement at /var/lib/selinux/mls/tmp/modules/300/my-X/cil:11
>> semodule:  Failed!
>
> Hi,
>
> mls with X is not supported; however, we do not seem to have the lockdown class in Fedora at all - did you download this policy from the refpolicy repo or how did you get it installed to your system?

Remember that we build the -mls policy with deny_unknown=1, so any
class that is defined in the kernel, but not in the policy, will cause
unfixable denials...

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
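
One way to check for the situation described in the reply above (a class the kernel defines but the loaded policy does not, combined with deny_unknown=1), as an added example that is not part of the original thread or of any project's code. The sample log lines are constructed, their wording is assumed to match the kernel's policy-load messages, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list classes/permissions the kernel reports as missing from
# the loaded policy and say whether accesses on them are denied.

# Constructed sample (message wording assumed); on a real system pipe in
# `dmesg` or `journalctl -k` instead.
SAMPLE_LOG='[    3.101] SELinux:  Class lockdown not defined in policy.
[    3.102] SELinux:  Permission watch in class file not defined in policy.
[    3.103] SELinux: the above unknown classes and permissions will be denied
[    3.200] audit: type=1403 audit(1600000000.000:2): lsm=selinux res=1'

# stdin: kernel log. stdout: one "class" or "class:perm" per missing item.
missing_from_policy() {
    sed -n \
        -e 's/.*SELinux: *Class \([^ ]*\) not defined in policy.*/\1/p' \
        -e 's/.*SELinux: *Permission \([^ ]*\) in class \([^ ]*\) not defined in policy.*/\2:\1/p'
}

# stdin: kernel log. stdout: "denied", "allowed" or "unknown".
# Falls back to selinuxfs when the log carries no verdict line.
unknown_handling() {
    local verdict
    verdict=$(sed -n 's/.*unknown classes and permissions will be \([a-z]*\).*/\1/p' | tail -n 1)
    if [ -z "$verdict" ] && [ -r /sys/fs/selinux/deny_unknown ]; then
        [ "$(cat /sys/fs/selinux/deny_unknown)" = "1" ] && verdict=denied || verdict=allowed
    fi
    printf '%s\n' "${verdict:-unknown}"
}

# stdin: kernel log. Prints one line per missing item; returns non-zero when
# missing items are denied, i.e. no locally generated module can allow them.
report() {
    local log missing handling item
    log=$(cat)
    missing=$(printf '%s\n' "$log" | missing_from_policy)
    handling=$(printf '%s\n' "$log" | unknown_handling)
    if [ -z "$missing" ]; then
        echo "OK: no missing classes or permissions reported"
        return 0
    fi
    for item in $missing; do
        echo "$item: not in policy, access $handling"
    done
    [ "$handling" != "denied" ]
}

printf '%s\n' "$SAMPLE_LOG" | report || true
```

A class listed here also explains the `unrecognized class` message from audit2allow: the generated module names a class the installed policy cannot resolve.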