Running the latest Fedora rawhide policy packages
(selinux-policy-targeted-3.6.2-2.fc11.noarch,
selinux-policy-3.6.2-2.fc11.noarch), I observe the following "null" AVCs reported in /var/log/Xorg.0.log:

(WW) avc: denied null for request=X11:MapWindow comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device exaCopyDirty: Pending damage region empty!
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:QueryPointer comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device
(WW) avc: denied null for request=X11:GetInputFocus comm=qemu-kvm
xdevice="Virtual core keyboard"
scontext=unconfined_u:unconfined_r:qemu_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=x_device

Doesn't appear that they affect the running process (qemu-kvm, in this case).

What are they and does something need to be adjusted?

Thanks,

   tom

-- 
Tom London

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.