Tom London wrote: > Running the latest Fedora rawhide policy packages > (selinux-policy-targeted-3.6.2-2.fc11.noarch, > selinux-policy-3.6.2-2.fc11.noarch), I observe the following "null" > AVCs reported in /var/log/Xorg.0.log: > It's probably a bad security hook callsite. I'll investigate this. The server's operation shouldn't be affected. Thanks for the report. > > (WW) avc: denied null for request=X11:MapWindow comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > exaCopyDirty: Pending damage region empty! > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:QueryPointer comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > (WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm > xdevice="Virtual core keyboard" > scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device > > Doesn't appear that they affect the running process (qemu-kvm, in this case). > > What are they and does something need to be adjusted? > > Thanks, > tom > -- Eamon Walsh <ewalsh@xxxxxxxxxxxxx> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
