avc's generated causes the system to freeze up

Justin P. Mattock justinmattock at gmail.com
Mon Dec 14 09:15:18 PST 2009

On 12/14/09 08:15, Guido Trentalancia wrote:
> Auditctl should operate at kernel-level. But this topics are all
> off-theme from SELinux. You shouldn't post audit questions to a SELinux
> mailing list.

Probably should be refpolicy, and Xorg
because this pertains to
XACE, but you took these cc's off the e-mail!

Anyways, as for auditd keep in mind this has todo with
Xorg.0.log, nothing todo with anything
in /var/log/messages, or any other log message
that auditd reads(and remember I don't have auditd turned on).

So lets try again:

I'm running X.Org X Server
after building the latest refpolicy
and defining my allow rules(all of them as possible),
I seem to have some of them show up later in time.
(which is normal).

The problem that I have is on some occasions these
denials that show up long after I have defined as many
allow rules as possible, seem to be spamming my
Xorg.0.log, until I define them into the policy
with audit2allow.

my question is, is there a mechanism similar to printk_ratelimit
for Xorg.0.log so when this happens my Xorg.0.log
does not become spammed with one avc denial
causing my system to freeze up, until the avc denial has
done registering all of it's denials or I allow it into the policy?

Justin P. mattock

More information about the xorg mailing list