Has anyone had any luck with Fedora/SELinux on the PowerPC platform?
On my PowerPC-based system, x.org's server wishes to access /proc/sys/dev
(probably for mac_hid/mouse emulation) and /proc/bus/pci. When I set
SELinux to enforce, these operations are blocked and X does not start.
Here are the relavent logs:
avc: denied { search } for pid=1504 exe=/usr/X11R6/bin/XFree86 name=dev
+dev=
ino=5303 scontext=system_u:system_r:xdm_xserver_t
+tcontext=system_u:object_r:sysctl_dev_t tclass=dir
avc: denied { getattr } for pid=1504 exe=/usr/X11R6/bin/XFree86
+path=/proc/bus/pci dev= ino=5458 scontext=system_u:system_r:xdm_xserver_t
+tcontext=system_u:object_r:proc_t tclass=dir
Perhaps x86's X server not touch these directories? I assume this policy
works on x86 because I haven't seen any mention of this on fedora-dev
or -test.
Adding the following to xserver_macros.te gets X to load on PowerPC:
# Access /proc/bus/pci
allow $1_xserver_t proc_t:dir { getattr read };
However, I don't know if this is the correct way to do this. I'm not
even sure exactly why X is trying to read from /proc/bus/pci.
--
Mike
:wq
Show replies by thread