Without SELinux boolean xserver_object_manager, xserver will get segmentation fault
Hello~ I run unity7 on Ubuntu 18.04 with my own SELinux policy in permissive mode and get a segmentation fault.
xserver log
(EE) 12: /usr/lib/xorg/Xorg (_start+0x2a) [0x55cceb1aa73a]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 11: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x7fd47c5c4bf7]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 10: /usr/lib/xorg/Xorg (0x55cceb169000+0x57a80) [0x55cceb1c0a80]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 9: /usr/lib/xorg/Xorg (0x55cceb169000+0x53a48) [0x55cceb1bca48]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 8: /usr/lib/xorg/Xorg (0x55cceb169000+0x151388) [0x55cceb2ba388]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 7: /usr/lib/xorg/Xorg (0x55cceb169000+0x144bf3) [0x55cceb2adbf3]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 6: /usr/lib/xorg/Xorg (XaceHook+0x158) [0x55cceb2700e8]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 5: /usr/lib/xorg/Xorg (_CallCallbacks+0x34) [0x55cceb1c1de4]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 4: /usr/lib/xorg/Xorg (0x55cceb169000+0x109df1) [0x55cceb272df1]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 3: /usr/lib/xorg/Xorg (0x55cceb169000+0x10933f) [0x55cceb27233f]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fd47c994000+0x12980) [0x7fd47c9a6980]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 1: /usr/lib/xorg/Xorg (0x55cceb169000+0x1bce59) [0x55cceb325e59]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) 0: /usr/lib/xorg/Xorg (xorg_backtrace+0x4d) [0x55cceb3220bd]
一 31 16:11:47 itri-VirtualBox /usr/lib/gdm3/gdm-x-session[1925]: (EE) Backtrace:
The execution flow is "main -> Dispatch -> ProcXIPassiveGrabDevice -> GrabKey -> XaceHook -> _CallCallbacks -> SELinuxDevice -> SELinuxDoCheck".
After tracing the code flow, I think 2 problems cause this issue:
- When Xserver starts, it checks its extensions and tries to load them. In the SELinux extension, it checks 3 conditions:
  - is_selinux_enabled()
  - selinuxEnforcingState == SELINUX_MODE_DISABLED
  - !security_get_boolean_active("xserver_object_manager")

  Because my policy doesn't define the xserver_object_manager boolean, the function security_get_boolean_active can't get its value, and it returns -1 on failure. The "!" prefix results in passing the check and starting SELinux initialization. It seems to me that this reduces the reliability of xserver because of the problem below.
- The root cause of the segmentation fault is that some part of Xserver doesn't completely support SELinux. When we use Unity as the desktop environment, the program unity-settings-daemon triggers start_legacy_grabber mode. In this mode unity-settings-daemon sends a request to xserver, and xserver checks the object in the function GrabKey if the SELinux extension is enabled. However, there is no SELinux context attached to the object. When the execution flow goes into the function SELinuxDoCheck, it triggers a null pointer dereference. The end of this path is a segmentation fault!
The attachment is a patch for the boolean problem to increase reliability: 0001-Don-t-enable-SELinux-extension-without-boolean-xserv.patch
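The three-condition gate from the first point, modelled as an added example (this is not the attached patch and not xserver source). `lookup_boolean`, the two gate functions and the sample policies are hypothetical stand-ins constructed here; `lookup_boolean` only mimics the 1 / 0 / -1 results the report describes for security_get_boolean_active.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample policies: one without the boolean, one off, one on. */
struct policy_bool { const char *name; int active; };
static const struct policy_bool policy_without_bool[] = { {"example_bool", 1} };
static const struct policy_bool policy_bool_off[] = { {"xserver_object_manager", 0} };
static const struct policy_bool policy_bool_on[]  = { {"xserver_object_manager", 1} };

/* Stand-in for the lookup: 1 or 0 for a defined boolean, -1 on failure. */
static int lookup_boolean(const struct policy_bool *p, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(p[i].name, name) == 0)
            return p[i].active ? 1 : 0;
    return -1; /* boolean not defined in this policy */
}

/* Gate as described in the report: "!rc" is false for rc == -1,
 * so a failed lookup falls through and the extension initializes. */
static int init_gate_reported(int selinux_enabled, int mode_disabled, int rc)
{
    if (!selinux_enabled) return 0;
    if (mode_disabled)    return 0;
    if (!rc)              return 0;
    return 1;
}

/* Stricter gate: only an explicit "active" answer enables the extension. */
static int init_gate_strict(int selinux_enabled, int mode_disabled, int rc)
{
    if (!selinux_enabled) return 0;
    if (mode_disabled)    return 0;
    if (rc <= 0)          return 0; /* off, or lookup failed */
    return 1;
}

int main(void)
{
    const char *b = "xserver_object_manager";
    int rcs[3] = { lookup_boolean(policy_without_bool, 1, b),
                   lookup_boolean(policy_bool_off, 1, b),
                   lookup_boolean(policy_bool_on, 1, b) };
    for (int i = 0; i < 3; i++)
        printf("rc=%2d reported=%d strict=%d\n", rcs[i],
               init_gate_reported(1, 0, rcs[i]), init_gate_strict(1, 0, rcs[i]));
    return 0;
}
```

The two gates differ only in the first row (rc = -1), which is the case the report hits with a policy that does not define the boolean.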