59e00c5580
On Arch Linux, /usr/bin/Xorg is only a shell script which executes /usr/lib/xorg-server/Xorg.wrap, which is a SUID binary wrapper around /usr/lib/xorg-server/Xorg. Even though Xorg.wrap is not a full X server, it reads X11 configuration files, uses the DRM interface to detect KMS, etc. (cf. http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/xorg-wrapper.c?id=xorg-server-1.18.0 for more details). Therefore label it as xserver_exec_t. This makes the following AVC appear: denied { execute_no_trans } for pid=927 comm="X" path="/usr/lib/xorg-server/Xorg.wrap" dev="dm-0" ino=3152592 scontext=system_u:system_r:xserver_t tcontext=system_u:object_r:xserver_exec_t tclass=file Allow /usr/bin/Xorg to execute Xorg.wrap with a can_exec statement. |
||
---|---|---|
.. | ||
admin | ||
apps | ||
contrib@35cd3decfd | ||
kernel | ||
roles | ||
services | ||
system |