Justin,
your question seems more of an audit question.
Why don't you use audit2allow to sort this out from a SELinux point of
view instead than trying to shut up audit ?
Audit2allow can generate custom rules for you from the analysis of your
audit log messages. The rules can then be compiled into a custom policy
module, that you can install with semodule.
On Fri, 2009-12-11 at 13:44 -0800, Justin Mattock wrote:
> I'm running X.Org X Server 1.7.99.2
> not sure if this is fixed with the latest
> but after building the latest refpolicy
> and defining my allow rules, both
> regularly, and with make enableaudit
> I still get avc's being generated here and there,
> but for some they seem to just spamm Xorg.0.log
> causing my system to freeze up.
> heres an example:
>
>
> (--) Synaptics Touchpad: touchpad found
> (**) Option "SendCoreEvents" "true"
> (**) Synaptics Touchpad: always reports core events
> (II) XINPUT: Adding extended input device "Synaptics Touchpad" (type: TOUCHPAD)
> (**) Synaptics Touchpad: (accel) keeping acceleration scheme 1
> (**) Synaptics Touchpad: (accel) acceleration profile 0
> (--) Synaptics Touchpad: touchpad found
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
>
>
> same avc's but just keeps generating.
> is there an option for this like
> printk_ratelimit?
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
