List: selinux
Subject: Re: Permissive mode for xace is broken.
From: Eamon Walsh <ewalsh () tycho ! nsa ! gov>
Date: 2008-02-26 1:12:07
Message-ID: 47C36767.7030503 () tycho ! nsa ! gov
Eamon Walsh wrote:
> The X object manager logs all avc's and status messages (including the
> AVC netlink stuff) through the audit system using libaudit calls
> (audit_log_user_avc_message, etc.) I disavow all responsibility for
> the messages once they enter libaudit
It's being black-holed in rawhide. To see for yourself, add the
attached patch to the spec file and rebuild the xserver from SRPM. It
will tee the avc messages into /var/log/Xorg.0.log.
Also, pull libselinux from upstream. The BadWindow error may be fixed.
You'll have to report to me what you see in the X server output. I'm
seeing tons of avc's: it doesn't appear as though staff_t is even
getting X permissions allowed.
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
["xserver-1.4.99-xselinux-debug.patch" (text/x-patch)]
From d4112defb9ab2b099c67a0a7c2ae7ac772d67751 Mon Sep 17 00:00:00 2001
From: Stupid McStupidson <stupid@example.com>
Date: Mon, 7 Jan 2008 15:41:22 -0500
Subject: Debugging Test
---
--- a/Xext/xselinux.c.orig 2008-02-25 18:43:14.000000000 -0500
+++ a/Xext/xselinux.c 2008-02-25 18:44:14.000000000 -0500
@@ -496,6 +496,8 @@
vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap);
rc = audit_log_user_avc_message(audit_fd, aut, buf, NULL, NULL, NULL, 0);
va_end(ap);
+
+ ErrorF("%s", buf);
return 0;
}
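Review bot: the added ErrorF("%s", buf) after va_end(ap) prints every message unconditionally but still ignores rc, which is assigned from audit_log_user_avc_message() two lines earlier and never read before return 0. Since the point of the patch is to find where the messages go missing, include rc in the output, for example ErrorF("audit rc=%d: %s", rc, buf), so the X log shows whether the libaudit call itself reported a failure. Passing buf through "%s" rather than as the format string is correct and should stay. Whether buf ends in a newline is not visible in these lines; if it does not, append one so entries do not run together in Xorg.0.log.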
--