x11vnc on Fedora 18

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Jan 29 15:07:59 UTC 2013


Andrew Jones wrote:
> (Apologies in advance for the length of this mail.  I am a total noob at
> SELinux so my vocabulary is probably not correct.  Hopefully you will be
> able to understand from context what I am trying to say.)
>
> I have been setting up x11vnc on some of my machines.  It looks like
> there are a hundred different ways of setting it up but I have chosen to
> follow the spirit of this entry in the Fedora Forum:
>
> http://forums.fedoraforum.org/showpost.php?p=1448696&postcount=2
>
> This works with SELinux permissive but fails completely when enforcing.
>
> Even when running permissively there are so many SELinux events in the
> first few seconds that many are dropped as shown here:
>
> Jan 29 03:44:10 ecafe audispd: queue is full - dropping event
>
> After several hours of scouring the system log, running sealert and
> creating policies, rinsing and repeating I think I have generated the
> command line that will identify all the events which occur during an
> x11vnc session:
>
> egrep  ps\|x11vnc\|tcpd\|mission-control /var/log/audit/audit.log |
> audit2allow -M mypol
>
> By repetitively running that line, applying the generated policy then
> restarting the computer and launching a new vnc session eventually all
> the events are able to be recorded without filling the queue.
>
Andrew,

   First of all, how did you install x11vnc? Did you use yum, or is this
from a tarball? You should ALWAYS prefer yum install, since this will
get all dependencies, and install policy as part of the package.

   Secondly, you should be looking at what it wants to do. For example,
the fact that mcelog is in there worries me, a *lot*, since mcelog
records ->hardware errors<-, meaning that you could be having hardware
issues.

   Third, read the man page for audit2allow. It tells you how to convert
from text policy to compiled and install it. It's not complicated.

   Fourth, the "dropped" indicates that there are so many errors the queue
can't keep up. From an old closed bug, one note for this problem is:
-b 8192 in auditd.conf
priority_boost = 4  in auditd.conf
priority_boost = 8  in audispd.conf
q_depth = 2048  in audispd.conf

       mark
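
One way to look at what the denials actually ask for before feeding them to audit2allow, as an added example that is not part of the original thread: it matches on the exact comm= field rather than on a substring anywhere in the record, and groups denials by source type, target type, class and permissions. The function names summarize_avc and sample_audit_log are hypothetical, and the audit records are constructed.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials per command before building a module.

# Constructed sample records in audit.log format (not taken from the original mail).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1359431050.101:201): avc:  denied  { read } for  pid=2101 comm="x11vnc" name=".Xauthority" dev="dm-1" ino=1311 scontext=system_u:system_r:xdm_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1359431050.102:202): avc:  denied  { read } for  pid=2101 comm="x11vnc" name=".Xauthority" dev="dm-1" ino=1311 scontext=system_u:system_r:xdm_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1359431051.310:203): avc:  denied  { write } for  pid=2144 comm="mission-control" name="bus" dev="tmpfs" ino=977 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1359431052.007:204): avc:  denied  { getattr } for  pid=611 comm="cupsd" path="/etc/hosts" dev="dm-1" ino=42 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1359431052.007:204): arch=c000003e syscall=4 success=no exit=-13 comm="x11vnc" exe="/usr/bin/x11vnc"
EOF
}

# summarize_avc COMM...: read audit records on stdin and print one line per
# distinct denial as "count comm source_type target_type class perms".
# Only type=AVC denials whose comm= field equals one of COMM... are counted,
# so "cupsd" is not picked up just because it contains "ps".
summarize_avc() {
  awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    /^type=AVC / && / denied / {
      comm = src = tgt = cls = perms = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      # Permissions sit between "{ " and " }" in the record.
      if (match($0, /[{] [^}]* [}]/)) perms = substr($0, RSTART + 2, RLENGTH - 4)
      gsub(/ /, ",", perms)
      if (comm in ok) seen[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k2
}

# Stand-alone run on the constructed sample; on a real host the input would be
# /var/log/audit/audit.log.
sample_audit_log | summarize_avc x11vnc mission-control
```

Each output line is one distinct access the policy module would end up allowing, which makes an unexpected source or target type visible before anything is loaded.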


