[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#618292: SELinux: Failed to open x_contexts mapping in policy

On Mon, Mar 14, 2011 at 06:37:16PM +0100, Julien Cristau wrote:
> On Mon, Mar 14, 2011 at 13:00:21 -0400, Eamon Walsh wrote:
> > On 03/14/2011 06:04 AM, Julien Cristau wrote:
> > > Hi Eamon,
> > >
> > > we received the report below on the debian bug tracker, would you have
> > > any idea about this?
> > >
> > > On Sun, Mar 13, 2011 at 23:13:21 -0400, Joseph Nahmias wrote:
> > 
> > 
> > The X server is looking for the file
> > /etc/selinux/$POLICYTYPE/contexts/x_contexts.   POLICYTYPE is set in
> > the /etc/selinux/config file and is usually "targeted."
> > 
> > That file should be part of Debian's SELinux support as it is included
> > in the upstream policy.
> > 
> as far as I can tell the selinux-policy-default package comes with
> /etc/selinux/default/contexts/x_contexts so I guess that's what should
> be used (/etc/selinux/config sets SELINUXTYPE=default).  Joe, do you
> have that file?  I would expect yes, since downgrading to 1.7 makes X
> work again.

Hmm, for some reason, I don't have that particular package installed;
rather, I have the following:

$ dpkg -l selinux-\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                  Version                      Description
+++-=====================================-============================-==================================================================================
ii  selinux-basics                        0.3.8                        SELinux basic support
un  selinux-policy-default                <none>                       (no description available)
un  selinux-policy-dev                    <none>                       (no description available)
un  selinux-policy-refpolicy-src          <none>                       (no description available)
ii  selinux-policy-refpolicy-strict       0.0.20080314-1               Strict variant of the SELinux reference policy
ii  selinux-policy-refpolicy-targeted     0.0.20080314-1               Targeted variant of the SELinux reference policy
ii  selinux-utils                         2.0.96-1                     SELinux utility programs

I'll have to check if installing selinux-policy-default fixes my problem,
but that's a project for another night...

> > If the user does not wish to use the SELinux support for X, the
> > "xserver_object_manager" SELinux boolean can be set to false and that
> > will prevent the X server from loading the extension.
> > 
> In any case maybe the following patch would make sense, to have a better
> idea of why the call failed?
> 
> diff --git a/Xext/xselinux_label.c b/Xext/xselinux_label.c
> index e5929fa..94540ce 100644
> --- a/Xext/xselinux_label.c
> +++ b/Xext/xselinux_label.c
> @@ -358,7 +358,7 @@ SELinuxLabelInit(void)
>  
>      label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
>      if (!label_hnd)
> -       FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
> +       FatalError("SELinux: Failed to open x_contexts mapping in policy: %s\n", strerror(errno));
>  }
>  
>  void
> 
> Cheers,
> Julien

--Joe
Reply to: