From: justinmattock@gmail.com (Justin Mattock)
Date: Fri, 11 Dec 2009 13:44:33 -0800
Subject: [refpolicy] avc's generated causes the system to freeze up
Message-ID: <dd18b0c30912111344j65436d86h85f8d74e752e19af@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I'm running X.Org X Server 1.7.99.2
not sure if this is fixed with the latest
but after building the latest refpolicy
and defining my allow rules, both
regularly, and with make enableaudit
I still get avc's being generated here and there,
but for some they seem to just spamm Xorg.0.log
causing my system to freeze up.
heres an example:


(--) Synaptics Touchpad: touchpad found
(**) Option "SendCoreEvents" "true"
(**) Synaptics Touchpad: always reports core events
(II) XINPUT: Adding extended input device "Synaptics Touchpad" (type: TOUCHPAD)
(**) Synaptics Touchpad: (accel) keeping acceleration scheme 1
(**) Synaptics Touchpad: (accel) acceleration profile 0
(--) Synaptics Touchpad: touchpad found
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable
(WW) avc:  denied  { getattr } for request=X11:QueryPointer
comm=/usr/bin/pidgin resid=10001fc restype=WINDOW
scontext=justin:user_r:user_t tcontext=justin:object_r:mplayer_t
tclass=x_drawable


same avc's but just keeps generating.
is there an option for this like
printk_ratelimit?


-- 
Justin P. Mattock