Bug#618292: SELinux: Failed to open x_contexts mapping in policy
On Mon, Mar 14, 2011 at 13:00:21 -0400, Eamon Walsh wrote:
> On 03/14/2011 06:04 AM, Julien Cristau wrote:
> > Hi Eamon,
> >
> > we received the report below on the debian bug tracker, would you have
> > any idea about this?
> >
> > On Sun, Mar 13, 2011 at 23:13:21 -0400, Joseph Nahmias wrote:
>
>
> The X server is looking for the file
> /etc/selinux/$POLICYTYPE/contexts/x_contexts. POLICYTYPE is set in
> the /etc/selinux/config file and is usually "targeted."
>
> That file should be part of Debian's SELinux support as it is included
> in the upstream policy.
>
as far as I can tell the selinux-policy-default package comes with
/etc/selinux/default/contexts/x_contexts so I guess that's what should
be used (/etc/selinux/config sets SELINUXTYPE=default). Joe, do you
have that file? I would expect yes, since downgrading to 1.7 makes X
work again.
> If the user does not wish to use the SELinux support for X, the
> "xserver_object_manager" SELinux boolean can be set to false and that
> will prevent the X server from loading the extension.
>
In any case maybe the following patch would make sense, to have a better
idea of why the call failed?
diff --git a/Xext/xselinux_label.c b/Xext/xselinux_label.c
index e5929fa..94540ce 100644
--- a/Xext/xselinux_label.c
+++ b/Xext/xselinux_label.c
@@ -358,7 +358,7 @@ SELinuxLabelInit(void)
label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
if (!label_hnd)
- FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
+ FatalError("SELinux: Failed to open x_contexts mapping in policy: %s\n", strerror(errno));
}
void
Cheers,
Julien
Reply to: