From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4B2677DF.6060801@tycho.nsa.gov>
Date: Mon, 14 Dec 2009 12:37:35 -0500
From: Eamon Walsh
MIME-Version: 1.0
To: Justin Mattock
CC: tresys , xorg@freedesktop.org, SE-Linux
Subject: Re: avc's generated causes the system to freeze up
References:
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On 12/11/2009 04:44 PM, Justin Mattock wrote:
> I'm running X.Org X Server 1.7.99.2
> not sure if this is fixed with the latest
> but after building the latest refpolicy
> and defining my allow rules, both
> regularly, and with make enableaudit
> I still get avc's being generated here and there,
> but for some they seem to just spam Xorg.0.log
> causing my system to freeze up.
> here's an example:
>

If the denials are not causing a problem other than log spam, just use a
dontaudit rule to silence them.

>
> (--) Synaptics Touchpad: touchpad found
> (**) Option "SendCoreEvents" "true"
> (**) Synaptics Touchpad: always reports core events
> (II) XINPUT: Adding extended input device "Synaptics Touchpad" (type: TOUCHPAD)
> (**) Synaptics Touchpad: (accel) keeping acceleration scheme 1
> (**) Synaptics Touchpad: (accel) acceleration profile 0
> (--) Synaptics Touchpad: touchpad found
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
>
>
> same avc's but just keeps generating.
> is there an option for this like
> printk_ratelimit?
>
>
>

--
Eamon Walsh
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
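One way to turn the repeated X server denials quoted in this thread into the dontaudit rule the reply suggests, as an added example (not code from the thread or from refpolicy). The function names, the `min_count` threshold and the `read` sample line are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the getattr denial is the one quoted in the thread
# (mail-wrapped and ">"-quoted); the "read" denial is invented for grouping.
SAMPLE_LOG = """\
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
> (WW) avc: denied { getattr } for request=X11:QueryPointer
> comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
> scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
> tclass=x_drawable
(WW) avc: denied { read } for request=X11:GetImage comm=/usr/bin/pidgin resid=10001fc restype=WINDOW scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t tclass=x_drawable
"""

# A denial may be wrapped over several lines: match across newlines, but
# never across the start of the next "avc:" record.
DENIAL = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r"(?P<body>(?:(?!avc:).)*?)\btclass=(?P<tclass>\S+)", re.S)
# The SELinux type is the third field of user:role:type[:level].
CTX = r"\b%s=[^\s:]+:[^\s:]+:([^\s:]+)"

def parse_denials(text):
    """Count denials per (source type, target type, class, permission)."""
    text = re.sub(r"^(?:>[ \t]?)+", "", text, flags=re.M)  # drop mail quoting
    counts = Counter()
    for m in DENIAL.finditer(text):
        src = re.search(CTX % "scontext", m["body"])
        tgt = re.search(CTX % "tcontext", m["body"])
        if src and tgt:
            for perm in m["perms"].split():
                counts[(src.group(1), tgt.group(1), m["tclass"], perm)] += 1
    return counts

def dontaudit_rules(counts, min_count=2):
    """Emit dontaudit rules only for denials seen at least min_count times."""
    grouped = defaultdict(set)
    for (src, tgt, cls, perm), n in counts.items():
        if n >= min_count:
            grouped[(src, tgt, cls)].add(perm)
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_s = p[0] if len(p) == 1 else "{ %s }" % " ".join(p)
        rules.append("dontaudit %s %s:%s %s;" % (src, tgt, cls, perm_s))
    return rules

if __name__ == "__main__":
    print("\n".join(dontaudit_rules(parse_denials(SAMPLE_LOG))))
```

Review the generated rules before adding them to a policy module: a dontaudit rule only suppresses the log message and leaves the access denied, so it fits denials already confirmed to be harmless noise.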