On Thu, 2011-03-24 at 13:22 -0700, Justin P. Mattock wrote:
> On 03/24/2011 01:13 PM, Stephen Smalley wrote:
> > On Thu, 2011-03-24 at 09:26 -0700, Justin P. Mattock wrote:
> >> On 03/24/2011 06:58 AM, Stephen Smalley wrote:
> >>> On Wed, 2011-03-23 at 19:30 -0700, Justin P. Mattock wrote:
> >>>> On 03/23/2011 11:07 AM, Justin P. Mattock wrote:
> >>>>> On 03/21/2011 09:52 AM, Justin P. Mattock wrote:
> >>>>>> this is showing up with the latest Mainline kernel.
> >>>>>> gdm craps out..:
> >>>>>>
> >>>>>> [ 60.817] (II) Unloading synaptics
> >>>>>> [ 60.822] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.822] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.828] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.831] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.871] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.871] SELinux: avc_has_perm: unexpected error 22
> >>>>>> [ 60.881] (II) UnloadModule: "mouse"
> >>>>>> [ 60.881] (II) Unloading mouse
> >>>>>>
> >>>>>>
> >>>>>> full xorg.0.log is here:
> >>>>>> http://fpaste.org/OOM2/
> >>>>>>
> >>>>>> Justin P. Mattock
> >>>>>
> >>>>> seems doing a bisect right now during the merge window is breaking,
> >>>>> anyways looking through the commits I think this:
> >>>>>
> >>>>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c53fa1ed92cd671a1dfb1e7569e9ab672612ddc6;hp=06dc94b1ed05f91e246315afeb1c652d6d0dc9ab
> >>>>>
> >>>>>
> >>>>> might be what I am hitting, causing gdm to die out, as it starts.
> >>>>>
> >>>>> any ideas?
> >>>>>
> >>>>> Justin P. Mattock
> >>>>
> >>>> not sure if anybody is seeing this or hitting this with the current,
> >>>> but reverting the above commit does not fix the problem.
> >>>> will try another bisect(hopefully)
> >>>
> >>> Are you sure it is a kernel issue? Seems more likely that it would be a
> >>> policy problem. What AVC denials are you getting?
> >>>
> >>
> >>
> >> strange.. was not even thinking of the avc's because the policy has
> >> already been customized and has been working for a while now without
> >> adding any rules.
> >>
> >> Anyways you're right, seems the labels get changed or something with this
> >> kernel or something:
> >> http://fpaste.org/w4nK/
> >
> > audit(1300983537.941:34): security_compute_sid: invalid context
> > system_u:system_r:root_xdrawable_t:s0-s0:c0.c1023 for
> > scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_drawable
> >
> > This looks like it might be a kernel regression after all.
> > security_compute_sid should return object_r for tclass x_drawable, not
> > system_r. Likely due to the recent changes there to support socket type
> > transitions. Not sure exactly what is going wrong, as it should only
> > happen on the socket classes.
> >
>
> alright!!
>
> as for good kernel:
> 2.6.38-00071-g5a69473
> is the last good one I have, so bisecting won't be too much but if I hit
> the breakage like last time it might slow things down and/or ruin the
> bisect.

If it is what I think it is, then the breakage would be commit
6f5317e730505d5cbc851c435a2dfe3d5a21d343

--
Stephen Smalley
National Security Agency
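
Added example (not part of the original thread or of the kernel source): a small Python check that parses the `security_compute_sid: invalid context` audit record quoted above and flags a computed context whose role is not `object_r` for a class that is neither `process` nor a socket class. The function names and the class test (`process`, or a name ending in `socket`) are assumptions made for this illustration.

```python
import re

# Constructed sample: the audit record quoted in the thread, joined onto one line.
SAMPLE = ("audit(1300983537.941:34): security_compute_sid: invalid context "
          "system_u:system_r:root_xdrawable_t:s0-s0:c0.c1023 for "
          "scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 "
          "tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_drawable")

RECORD = re.compile(
    r"security_compute_sid:\s+invalid context\s+(?P<new>\S+)\s+for\s+"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)")

def split_context(ctx):
    """Split user:role:type[:range]. The MLS range itself contains ':'
    (s0-s0:c0.c1023), so split at most three times."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {ctx!r}")
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "range": parts[3] if len(parts) == 4 else None}

def expects_object_r(tclass):
    # Assumption for this example: only the process class and the socket
    # classes (per the reply above) may carry the source role; every other
    # object class, x_drawable included, should be labelled with object_r.
    return tclass != "process" and not tclass.endswith("socket")

def check_record(line):
    """Return a finding for one audit line, or None if it is not a
    security_compute_sid 'invalid context' record."""
    m = RECORD.search(line)
    if m is None:
        return None
    new = split_context(m.group("new"))
    src = split_context(m.group("scontext"))
    tclass = m.group("tclass")
    return {
        "tclass": tclass,
        "computed_role": new["role"],
        "source_role": src["role"],
        # True when the computed role was copied from the source context
        "role_inherited_from_source": new["role"] == src["role"],
        # True when a non-process, non-socket class did not get object_r
        "unexpected_role": expects_object_r(tclass) and new["role"] != "object_r",
    }

if __name__ == "__main__":
    print(check_record(SAMPLE))
```
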