|Main Archive Page > Month Archives > selinux archives|
On Tue, 2012-01-24 at 13:27 -0600, Ted Toth wrote:
> I'm seeing x_drawable read denials in Xorg.0.log on a system with the
> X server in enforcing. I'm confused about these because the
> xserver_object_manager boolean is set which gets:
> allow x_domain xdrawable_type:x_drawable *;
> and the source context type of the avc is a type in the x_domain
> attribute and the target context type is in the xdrawable_type
> attribute which should be allowed by the included allow rule.
Have you checked whether compute_av (from libselinux/utils) gives the
What does audit2why aka audit2allow -w say about the denial?
Could it be a constraint violation instead of a TE denial?
-- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to email@example.com with the words "unsubscribe selinux" without quotes as the message.