This patch was created using xorg-server-1.12.2 source. When using Fedora 17 with xorg-server-1.12.2 and SELinux is enabled ('setsebool xserver_object_manager on') the xserver will not load. The Xlog file has a seg fault pointing to XACE/SELinux. Bug 50641 was raised (https://bugs.freedesktop.org/show_bug.cgi?id=50641).
The bug is caused by X calling XaceHook(XACE_DEVICE_ACCESS, client, ...) with a device ID of '1' that is XIAllMasterDevices. It would also happen if the device ID = 0 (XIAllDevices). The fix is to return if device is XIAll*Devices and let the permission be determined when a real device ID is presented. Signed-off-by: Richard Haines <richard_c_hai...@btinternet.com> --- Xext/xselinux_hooks.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c index e9c7e93..82d3892 100644 --- a/Xext/xselinux_hooks.c +++ b/Xext/xselinux_hooks.c @@ -336,7 +336,15 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) int rc; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); - obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey); + /* + * The XIAllMasterDevices or XIAllDevices do not have devPrivates + * entries. If they are requested we just return as each device access + * will be checked individually. + */ + if (rec->dev->id != XIAllDevices && rec->dev->id != XIAllMasterDevices) + obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey); + else + return; /* If this is a new object that needs labeling, do it now */ if (rec->access_mode & DixCreateAccess) { -- 1.7.10.4 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel