avc's generated causes the system to freeze up

Justin Mattock justinmattock at gmail.com
Fri Dec 11 13:44:33 PST 2009 

I'm running X.Org X Server 1.7.99.2
not sure if this is fixed with the latest
but after building the latest refpolicy
and defining my allow rules, both
regularly, and with make enableaudit
I still get avc's being generated here and there,
but for some they seem to just spamm Xorg.0.log
causing my system to freeze up.
heres an example:


(--) Synaptics Touchpad: touchpad found
(**) Option "SendCoreEvents" "true"
(**) Synaptics Touchpad: always reports core events
(II) XINPUT: Adding extended input device "Synaptics Touchpad" (type: TOUCHPAD)
(**) Synaptics Touchpad: (accel) keeping acceleration scheme 1
(**) Synaptics Touchpad: (accel) acceleration profile 0
(--) Synaptics Touchpad: touchpad found
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable


same avc's but just keeps generating.
is there an option for this like
printk_ratelimit?


-- 
Justin P. Mattock

More information about the xorg mailing list