Bug 1426649
| Summary: | SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Randy Berry <randyn3lrx> | ||||
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 25 | CC: | aleksander.baranowski, andpol_o, binaryreverse, csamyn, D8F55524, damjanz, dconti2008, developer, dominick.grift, dwalsh, fed15ora, flydove, F.Navrkal, henryju, jsd, kasad12, knutjbj, linuxat400, luiz.aniki, luya, lvrabec, mechonbarsa, meta, mgrepl, plautrba, pmoore, ram.150392, raphael.brandis, rhbugzilla, ricky.tigg, robatino, ryan.paul, ssekidde, steven.soloff, viduranga.randila, vinayshastry | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | abrt_hash:1347b85d17bdc72f3ba08e8f28a8d1ecb5775b867de465f943b65422c0c92a9b; | ||||||
| Fixed In Version: | selinux-policy-3.13.1-225.11.fc25 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-02-28 08:49:54 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Description of problem: sudo modprobe nvidia Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.10-200.fc25.x86_64 type: libreport Description of problem: Virtual box not working after update my kernel Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport It gets better and better. No locally built driver will load, all have permission denied. Doesn't matter whether its an akmod package or not. I can make a policy that modprobe will load it, but not systemd-udevd. same problem:
Virtual box not working after selinux update
$ uname -a
Linux nb 4.9.11-200.fc25.x86_64 #1 SMP Mon Feb 20 18:11:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
selinux packages that were upgraded:
Upgrade selinux-policy-3.13.1-225.10.fc25.noarch @updates
Upgraded selinux-policy-3.13.1-225.6.fc25.noarch @updates
Upgrade selinux-policy-targeted-3.13.1-225.10.fc25.noarch @updates
Upgraded selinux-policy-targeted-3.13.1-225.6.fc25.noarch @updates
workaround:
$ sudo ausearch -c 'modprobe' --raw | audit2allow -M my-modprobe
$ sudo semodule -i my-modprobe.pp
$ sudo /sbin/vboxconfig
Description of problem: After last update I got the attached error warning on startup. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Created attachment 1257860 [details]
Policy module to allow again modprobe to load kernel modules
Hi,
The following SELinux policy module allows modprobe to load kernel modules again (apparently broken in selinux-policy-targeted-3.13.1-225.10.fc25.noarch).
Description of problem:
My setup:
Pre:
Intel i7 6700k with 1060 by nvidia on it's board :).
I had problem with rhgb not allowing me to decrypt my hard drive (lvm on ext4 with lukscrypt), so I removed it from grub with silent (or something similar) as workaround.
Thing above is not a problem, for this bug report!!!
My current booting line looks like "linux16 /vmlinuz-4.9.11-200.fc25.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root LANG=en_US.UTF-8".
Story:
Everything worked fine for long time (2-3 weeks), then newest system (and) kernel update made my system unbootable. With screen turning on and off when trying to
startX (or wayland I'm not up to date with current status :)).
Solution:
I tried to reinstall Nvidia drivers (NVIDIA-Linux-x86_64-378.09.run), but without success (Installer cannot load module, so installation fails).
I listed dmesg messages (Because I have previous problem with Nvidia driver when compiling with kernel-devel-debug instead of kernel-devel [ magic num was wrong]).
I haven't found anything peculiar so I thought about stripping my system from everything that can prevent loading module. First guess was Selinux.
After setenforce 0, and changing default in /etc/selinux/config Installation was successful :). Now I'm on system in permissive mode :(.
Additional Information:
[root@SpaceStation ~]# dnf history info 37
Transaction ID : 37
Begin time : Sun Feb 26 11:34:10 2017
Begin rpmdb : 2984:8e35525dee5784c47c42d161f7bee14020857789
End time : 11:36:54 2017 (164 seconds)
End rpmdb : 2994:9656095b0c97e21798a7b3a3eaef09aa25198f86
User : Alex Baranowski <Alex>
Return-Code : Success
Command Line : update -y
Transaction performed with:
Installed dnf-1.1.10-5.fc25.noarch @updates
Installed rpm-4.13.0-6.fc25.x86_64 @updates
Packages Altered:
Upgraded ccache-3.3.3-1.fc25.x86_64 @fedora
Upgrade 3.3.4-1.fc25.x86_64 @updates
Upgraded crypto-policies-20160921-3.gitf3018dd.fc25.noarch @updates
Upgrade 20160921-4.gitf3018dd.fc25.noarch @updates
Upgraded firewall-config-0.4.4.3-1.fc25.noarch @updates
Upgrade 0.4.4.3-2.fc25.noarch @updates
Upgraded firewalld-0.4.4.3-1.fc25.noarch @updates
Upgrade 0.4.4.3-2.fc25.noarch @updates
Upgraded firewalld-filesystem-0.4.4.3-1.fc25.noarch @updates
Upgrade 0.4.4.3-2.fc25.noarch @updates
Upgraded flatpak-0.8.3-2.fc25.x86_64 @updates
Upgrade 0.8.3-3.fc25.x86_64 @updates
Upgraded flatpak-libs-0.8.3-2.fc25.x86_64 @updates
Upgrade 0.8.3-3.fc25.x86_64 @updates
Upgraded gparted-0.27.0-1.fc25.x86_64 @updates
Upgrade 0.28.1-1.fc25.x86_64 @updates
Upgraded grep-2.27-1.fc25.x86_64 @updates
Upgrade 2.27-2.fc25.x86_64 @updates
Upgraded grilo-0.3.2-4.fc25.x86_64 @anaconda
Upgrade 0.3.3-1.fc25.x86_64 @updates
Upgraded grilo-plugins-0.3.3-1.fc25.x86_64 @anaconda
Upgrade 0.3.4-1.fc25.x86_64 @updates
Upgraded ibus-libpinyin-1.8.1-1.fc25.x86_64 @updates
Upgrade 1.8.91-1.fc25.x86_64 @updates
Upgraded ibus-typing-booster-1.5.21-1.fc25.noarch @updates
Upgrade 1.5.22-1.fc25.noarch @updates
Upgraded kdesdk-thumbnailers-16.08.3-1.fc25.x86_64 @updates
Upgrade 16.12.2-1.fc25.x86_64 @updates
Install kernel-4.9.11-200.fc25.x86_64 @updates
Erase kernel-4.9.8-201.fc25.x86_64 @updates
Install kernel-core-4.9.11-200.fc25.x86_64 @updates
Erase kernel-core-4.9.8-201.fc25.x86_64 @updates
Install kernel-devel-4.9.11-200.fc25.x86_64 @updates
Erase kernel-devel-4.9.8-201.fc25.x86_64 @updates
Upgraded kernel-headers-4.9.10-200.fc25.x86_64 @updates
Upgrade 4.9.11-200.fc25.x86_64 @updates
Install kernel-modules-4.9.11-200.fc25.x86_64 @updates
Erase kernel-modules-4.9.8-201.fc25.x86_64 @updates
Install kernel-modules-extra-4.9.11-200.fc25.x86_64 @updates
Erase kernel-modules-extra-4.9.8-201.fc25.x86_64 @updates
Upgraded kernel-tools-libs-4.9.10-200.fc25.x86_64 @updates
Upgrade 4.9.11-200.fc25.x86_64 @updates
Upgraded libblkid-2.28.2-1.fc25.i686 @fedora
Upgraded libblkid-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.i686 @updates
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded libfdisk-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded libkomparediff2-16.08.3-1.fc25.x86_64 @updates
Upgrade 16.12.2-1.fc25.x86_64 @updates
Upgraded libmount-2.28.2-1.fc25.i686 @fedora
Upgraded libmount-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.i686 @updates
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded libpinyin-1.7.0-1.fc25.x86_64 @updates
Upgrade 1.9.91-1.fc25.x86_64 @updates
Upgraded libpinyin-data-1.7.0-1.fc25.x86_64 @updates
Upgrade 1.9.91-1.fc25.x86_64 @updates
Upgraded libsmartcols-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded libuuid-2.28.2-1.fc25.i686 @fedora
Upgraded libuuid-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.i686 @updates
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded libva-1.7.3-1.fc25.i686 @updates
Upgraded libva-1.7.3-1.fc25.x86_64 @updates
Upgrade 1.7.3-3.fc25.i686 @updates
Upgrade 1.7.3-3.fc25.x86_64 @updates
Upgraded libva-intel-driver-1.7.3-1.fc25.i686 @rpmfusion-free-updates
Upgraded libva-intel-driver-1.7.3-1.fc25.x86_64 @rpmfusion-free-updates
Upgrade 1.7.3-2.fc25.i686 @rpmfusion-free-updates
Upgrade 1.7.3-2.fc25.x86_64 @rpmfusion-free-updates
Upgraded libva-utils-1.7.3-1.fc25.x86_64 @updates
Upgrade 1.7.3-3.fc25.x86_64 @updates
Upgraded mate-power-manager-1.16.1-1.fc25.x86_64 @updates
Upgrade 1.16.2-1.fc25.x86_64 @updates
Upgraded mesa-dri-drivers-13.0.3-5.fc25.i686 @updates
Upgraded mesa-dri-drivers-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-filesystem-13.0.3-5.fc25.i686 @updates
Upgraded mesa-filesystem-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libEGL-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libEGL-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libEGL-devel-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libGL-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libGL-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libGL-devel-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libGLES-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libOSMesa-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libOSMesa-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libgbm-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libgbm-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libgbm-devel-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libglapi-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libglapi-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libwayland-egl-13.0.3-5.fc25.i686 @updates
Upgraded mesa-libwayland-egl-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.i686 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libwayland-egl-devel-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded mesa-libxatracker-13.0.3-5.fc25.x86_64 @updates
Upgrade 13.0.4-1.fc25.x86_64 @updates
Upgraded okteta-libs-16.08.3-1.fc25.x86_64 @updates
Upgrade 16.12.2-1.fc25.x86_64 @updates
Upgraded open-vm-tools-10.0.5-7.fc25.x86_64 @updates
Upgrade 10.1.0-1.fc25.x86_64 @updates
Upgraded open-vm-tools-desktop-10.0.5-7.fc25.x86_64 @updates
Upgrade 10.1.0-1.fc25.x86_64 @updates
Upgraded pcre-8.40-2.fc25.i686 @updates
Upgraded pcre-8.40-2.fc25.x86_64 @updates
Upgrade 8.40-4.fc25.i686 @updates
Upgrade 8.40-4.fc25.x86_64 @updates
Upgraded pcre-cpp-8.40-2.fc25.x86_64 @updates
Upgrade 8.40-4.fc25.x86_64 @updates
Upgraded pcre-devel-8.40-2.fc25.x86_64 @updates
Upgrade 8.40-4.fc25.x86_64 @updates
Upgraded pcre-utf16-8.40-2.fc25.x86_64 @updates
Upgrade 8.40-4.fc25.x86_64 @updates
Upgraded pcre-utf32-8.40-2.fc25.x86_64 @updates
Upgrade 8.40-4.fc25.x86_64 @updates
Upgraded perl-Net-HTTP-6.12-1.fc25.noarch @updates
Upgrade 6.13-1.fc25.noarch @updates
Upgraded php-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-cli-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-common-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-json-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-ldap-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-mysqlnd-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded php-pdo-7.0.15-1.fc25.x86_64 @updates
Upgrade 7.0.16-1.fc25.x86_64 @updates
Upgraded po-debconf-1.0.16-7.nmu2.fc24.noarch @fedora
Upgrade 1.0.16-8.nmu3.fc25.noarch @updates
Upgraded python-rpm-macros-3-10.fc25.noarch @fedora
Upgrade 3-11.fc25.noarch @updates
Upgraded python-srpm-macros-3-10.fc25.noarch @fedora
Upgrade 3-11.fc25.noarch @updates
Upgraded python2-pyasn1-0.1.9-7.fc25.1.noarch @fedora
Upgrade 0.2.1-1.fc25.noarch @updates
Upgraded python2-pyasn1-modules-0.1.9-7.fc25.1.noarch @fedora
Upgrade 0.2.1-1.fc25.noarch @updates
Upgraded python2-rpm-macros-3-10.fc25.noarch @fedora
Upgrade 3-11.fc25.noarch @updates
Upgraded python3-firewall-0.4.4.3-1.fc25.noarch @updates
Upgrade 0.4.4.3-2.fc25.noarch @updates
Upgraded python3-rpm-macros-3-10.fc25.noarch @fedora
Upgrade 3-11.fc25.noarch @updates
Upgrade selinux-policy-3.13.1-225.10.fc25.noarch @updates
Upgraded selinux-policy-3.13.1-225.6.fc25.noarch @updates
Upgrade selinux-policy-targeted-3.13.1-225.10.fc25.noarch @updates
Upgraded selinux-policy-targeted-3.13.1-225.6.fc25.noarch @updates
Upgraded sos-3.2-4.fc25.noarch @anaconda
Upgrade 3.3-1.fc25.noarch @updates
Upgraded strace-4.15-1.fc25.x86_64 @updates
Upgrade 4.16-1.fc25.x86_64 @updates
Upgraded util-linux-2.28.2-1.fc25.x86_64 @anaconda
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded util-linux-user-2.28.2-1.fc25.x86_64 (unknown)
Upgrade 2.28.2-2.fc25.x86_64 @updates
Upgraded webkitgtk4-2.14.3-1.fc25.x86_64 @updates
Upgrade 2.14.5-1.fc25.x86_64 @updates
Upgraded webkitgtk4-devel-2.14.3-1.fc25.x86_64 @updates
Upgrade 2.14.5-1.fc25.x86_64 @updates
Upgraded webkitgtk4-jsc-2.14.3-1.fc25.x86_64 @updates
Upgrade 2.14.5-1.fc25.x86_64 @updates
Upgraded webkitgtk4-jsc-devel-2.14.3-1.fc25.x86_64 @updates
Upgrade 2.14.5-1.fc25.x86_64 @updates
Upgraded webkitgtk4-plugin-process-gtk2-2.14.3-1.fc25.x86_64 @updates
Upgrade 2.14.5-1.fc25.x86_64 @updates
Upgraded autocorr-en-1:5.2.5.1-6.fc25.noarch @updates
Upgrade 1:5.2.6.1-1.fc25.noarch @updates
Install libglvnd-1:0.2.999-10.gitdc16f8c.fc25.i686 @updates
Install libglvnd-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-core-devel-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-devel-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-egl-1:0.2.999-10.gitdc16f8c.fc25.i686 @updates
Install libglvnd-egl-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-gles-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-glx-1:0.2.999-10.gitdc16f8c.fc25.i686 @updates
Install libglvnd-glx-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Install libglvnd-opengl-1:0.2.999-10.gitdc16f8c.fc25.x86_64 @updates
Upgraded libreoffice-calc-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-core-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-data-1:5.2.5.1-6.fc25.noarch @updates
Upgrade 1:5.2.6.1-1.fc25.noarch @updates
Upgraded libreoffice-draw-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-emailmerge-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-filters-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-graphicfilter-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-gtk2-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-gtk3-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-impress-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-langpack-en-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-math-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-ogltrans-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-opensymbol-fonts-1:5.2.5.1-6.fc25.noarch @updates
Upgrade 1:5.2.6.1-1.fc25.noarch @updates
Upgraded libreoffice-pdfimport-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-pyuno-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-ure-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-ure-common-1:5.2.5.1-6.fc25.noarch @updates
Upgrade 1:5.2.6.1-1.fc25.noarch @updates
Upgraded libreoffice-writer-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-x11-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreoffice-xsltfilter-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded libreofficekit-1:5.2.5.1-6.fc25.x86_64 @updates
Upgrade 1:5.2.6.1-1.fc25.x86_64 @updates
Upgraded spotify-client-1:1.0-10.fc25.x86_64 (unknown)
Upgrade 1:1.0-11.fc25.x86_64 @fedora-spotify
Upgraded vim-common-2:8.0.329-1.fc25.x86_64 @updates
Upgrade 2:8.0.347-2.fc25.x86_64 @updates
Upgraded vim-enhanced-2:8.0.329-1.fc25.x86_64 @updates
Upgrade 2:8.0.347-2.fc25.x86_64 @updates
Upgraded vim-filesystem-2:8.0.329-1.fc25.x86_64 @updates
Upgrade 2:8.0.347-2.fc25.x86_64 @updates
Upgraded vim-minimal-2:8.0.329-1.fc25.x86_64 @updates
Upgrade 2:8.0.347-2.fc25.x86_64 @updates
Upgraded texlive-base-6:2016-30.20160520.fc25.noarch @updates
Upgrade 6:2016-32.20160520.fc25.noarch @updates
Upgraded texlive-dvipng-6:svn40768-30.fc25.noarch @updates
Upgrade 6:svn40768-32.fc25.1.noarch @updates
Upgraded texlive-dvipng-bin-6:svn40473-30.20160520.fc25.x86_64 @updates
Upgrade 6:svn40473-32.20160520.fc25.1.x86_64 @updates
Upgraded texlive-kpathsea-6:svn41139-30.fc25.noarch @updates
Upgrade 6:svn41139-32.fc25.1.noarch @updates
Upgraded texlive-kpathsea-bin-6:svn40473-30.20160520.fc25.x86_64 @updates
Upgrade 6:svn40473-32.20160520.fc25.1.x86_64 @updates
Upgraded texlive-lib-6:2016-30.20160520.fc25.x86_64 @updates
Upgrade 6:2016-32.20160520.fc25.x86_64 @updates
Upgraded texlive-metafont-6:svn40793-30.fc25.noarch @updates
Upgrade 6:svn40793-32.fc25.1.noarch @updates
Upgraded texlive-metafont-bin-6:svn40987-30.20160520.fc25.x86_64 @updates
Upgrade 6:svn40987-32.20160520.fc25.1.x86_64 @updates
Upgraded texlive-tetex-6:svn41059-30.fc25.noarch @updates
Upgrade 6:svn41059-32.fc25.1.noarch @updates
Upgraded texlive-tetex-bin-6:svn36770.0-30.20160520.fc25.noarch @updates
Upgrade 6:svn36770.0-32.20160520.fc25.1.noarch @updates
Upgraded texlive-texlive.infra-6:svn41280-30.fc25.noarch @updates
Upgrade 6:svn41280-32.fc25.1.noarch @updates
Upgraded texlive-texlive.infra-bin-6:svn40312-30.20160520.fc25.x86_64 @updates
Upgrade 6:svn40312-32.20160520.fc25.1.x86_64 @updates
Scriptlet output:
1 warning: file /usr/lib/libGL.so.1.2.0: remove failed: No such file or directory
2 warning: file /usr/lib64/libGL.so.1.2.0: remove failed: No such file or directory
3 dkms: removing: nvidia 378.09 (4.9.8-201.fc25.x86_64) (x86_64)
4
5 -------- Uninstall Beginning --------
6 Module: nvidia
7 Version: 378.09
8 Kernel: 4.9.8-201.fc25.x86_64 (x86_64)
9 -------------------------------------
10
11 Status: Before uninstall, this module version was ACTIVE on this kernel.
12 Removing any linked weak-modules
13
14 nvidia.ko:
15 - Uninstallation
16 - Deleting from: /lib/modules/4.9.8-201.fc25.x86_64/extra/
17 - Original module
18 - No original module was found for this module on this kernel.
19 - Use the dkms install command to reinstall any previous module version.
20
21
22 nvidia-uvm.ko:
23 - Uninstallation
24 - Deleting from: /lib/modules/4.9.8-201.fc25.x86_64/extra/
25 - Original module
26 - No original module was found for this module on this kernel.
27 - Use the dkms install command to reinstall any previous module version.
28
29
30 nvidia-modeset.ko:
31 - Uninstallation
32 - Deleting from: /lib/modules/4.9.8-201.fc25.x86_64/extra/
33 - Original module
34 - No original module was found for this module on this kernel.
35 - Use the dkms install command to reinstall any previous module version.
36
37
38 nvidia-drm.ko:
39 - Uninstallation
40 - Deleting from: /lib/modules/4.9.8-201.fc25.x86_64/extra/
41 - Original module
42 - No original module was found for this module on this kernel.
43 - Use the dkms install command to reinstall any previous module version.
44
45 depmod...
46
47 DKMS: uninstall completed.
48 warning: file /lib/modules/4.9.8-201.fc25.x86_64/updates: remove failed: No such file or directory
Post:
Any help would be greatly appreciated.
Version-Release number of selected component:
selinux-policy-3.13.1-225.10.fc25.noarch
Additional info:
reporter: libreport-2.8.0
hashmarkername: setroubleshoot
kernel: 4.9.11-200.fc25.x86_64
type: libreport
Please make this urgent priority. As a temporary workaround SELinux config could be set to permissive mode. selinux in permissive mode works, but that's not a (final) solution. Building package with fix: https://koji.fedoraproject.org/koji/taskinfo?taskID=18091346 Will be in Fedora ASAP. selinux-policy-3.13.1-225.11.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e06f91350b Workaround which got me up and running again: # setenforce 0 # /sbin/vboxconfig # setenforce 1 Description of problem: Trying to use VirtualBox-5.1 from Oracle repos. Issue is also seen when using the RPMFusion version. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: Bootup after most recent updates. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport selinux-policy-3.13.1-225.11.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e06f91350b Description of problem: Linux abc-PC 4.9.11-200.fc25.x86_64 #1 SMP Mon Feb 20 18:11:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux # dnf install VirtualBox-5.1-5.1.14_112924_fedora25-1.x86_64 Creating group 'vboxusers'. VM users must be member of that group! Created symlink /etc/systemd/system/multi-user.target.wants/vboxdrv.service → /usr/lib/systemd/system/vboxdrv.service. Created symlink /etc/systemd/system/multi-user.target.wants/vboxballoonctrl-service.service → /usr/lib/systemd/system/vboxballoonctrl-service.service. Created symlink /etc/systemd/system/multi-user.target.wants/vboxautostart-service.service → /usr/lib/systemd/system/vboxautostart-service.service. Created symlink /etc/systemd/system/multi-user.target.wants/vboxweb-service.service → /usr/lib/systemd/system/vboxweb-service.service. vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why. There were problems setting up VirtualBox. To re-start the set-up process, run /sbin/vboxconfig as root. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: On System start up... Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: error appeared after recent updates Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: done updates and rebooted Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.12-200.fc25.x86_64 type: libreport *** Bug 1427411 has been marked as a duplicate of this bug. *** I am stuck in boot process since yesterday. First, SELinux prevented loading NVIDIA drivers. I disabled SELinux. Now, kernel log says:
###
nvidia: loading out-of-tree module taints kernel.
nvidia: module license 'NVIDIA' taints kernel.
nvidia: module verification failed: signature and/or required key missing - tainting kernel
nvidia-nvlink: Nvlink Core is being initialized, major device number 238
nvidia-modset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms 375.26
[drm] [nvidia-drm] [GPU ID 0x00000100] Loading driver
###
NVIDIA drivers are from RPMFusion repo.
In the boot process, I end up being stuck in different states. I activated verbose output, these are the messages when booting get stuck on three different tries:
First try:
###
[ OK ] Started Session c1 of user gdm
[ OK ] Started User Manager for UID 42
Starting Hold until boot process finishes up...
###
Second try:
###
[ OK ] Started Session c1 of user gdm
[ OK ] Started User Manager for UID 42
[ OK ] Started GNOME Display Manager... finishes up....
###
Third try:
###
[ OK ] Started User Manager for UID 42
[ 23..... ] virbr0: port 1(virbr0-nic) entered blocking state
[ 23..... ] virbr0: port 1(virbr0-nic) entered disabled state
[ 23..... ] device virbr0-nic entered promiscuous mode
[ 23..... ] virbr0: port 1(virbr0-nic) entered blocking state
[ 23..... ] virbr0: port 1(virbr0-nic) entered listening state
[ 23..... ] virbr0: port 1(virbr0-nic) entered disabled state
###
journalctl ain't giving me any new errors.
/var/log/Xorg.0.log doesn't change, keeps giving me the same error output:
###
NVIDIA: Failed to initialize the NVIDIA kernel module. Please see the system's kernel log for additional error messages....
...
Fatal server error: no screens found EE)
###
I updated with tonight's new packages and new kernel 4.9.12, nothing changed.
Could you try put SELinux to permissive, or disabled mode - then reinstall NVidia driver packages? selinux-policy-3.13.1-225.11.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. Description of problem: Modprobe should be allowed module_load access on the vboxdrv.ko system by default. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport Description of problem: Bumblebee's bumblebee-nvidia package causes SELinux alert when executing modprobe. This is corrected by adding an exception to SELinux policy. Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.12-200.fc25.x86_64 type: libreport ### Could you try put SELinux to permissive, or disabled mode - then reinstall NVidia driver packages? ### I removed the nvidia drivers, I have set SELinux to permissive mode, rebooted and still got stuck in boot process even without nvidia drivers. I reinstalled nvidia drivers, rebooted and also got stuck again in boot process at this point: ### [ OK ] Started Session c1 of user gdm [ OK ] Started User Manager for UID 42 [ 24...] Bridge firewalling registered ### Also, there is again a SELinux kernel message: ### avc: denied (module_load) for pid=791 comm="systemd_udev" path="/usr/lib/modules/4.9.12-200.fc25.x86_64/extra/nvidia/nvidia.ko" dev="dm-0"...... ### Just for making it sure - you set to permissive mode in /etc/selinux/config? It's not possible for selinux to denied anything when in permisive on boot. Description of problem: Unable to run virtualbox. To solve this problem, I have executed: # ausearch -c 'modprobe' --raw | audit2allow -M my-modprobe # semodule -X 300 -i my-modprobe.pp # /usr/sbin/vboxconfig Version-Release number of selected component: selinux-policy-3.13.1-225.10.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.12-200.fc25.x86_64 type: libreport Yes, SELinux is definitely in permissive mode in /etc/selinux/config. When I disable SELinux these messages disappear, but it won't change anything else. So, what confuses me, is the point, that the boot process get stuck in different states, regarding to the verbose output there. I assume, this isn't the only problem here. Like I wrote, even without the nvidia drivers, using the nouveau driver, the boot process behaves the same. What is the best way to debug the boot process? At the moment, I just can run in verbose mode and write down the last messages it puts out. Ok, I managed to fix this problem. I removed the RPMFusion NVIDIA driver packages and I reinstalled the proprietary NVIDIA drivers, I used before I tried the other ones. Installation went successful and even setting SELinux back to enforcd mode works just fine. I don't know, if this is enough evidence, but it seems, there is some kind of problem regarding the RPMFusion driver packages and SELinux (or at least between one of the packages that installed in the last updates). *** Bug 1427685 has been marked as a duplicate of this bug. *** |
Description of problem: rebooted the machine to use kernel in -testing (4.9.11) SELinux is preventing modprobe from 'module_load' accesses on the system /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that modprobe should be allowed module_load access on the vboxdrv.ko system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'modprobe' --raw | audit2allow -M my-modprobe # semodule -X 300 -i my-modprobe.pp Additional Information: Source Context system_u:system_r:insmod_t:s0 Target Context system_u:object_r:modules_object_t:s0 Target Objects /usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxd rv.ko [ system ] Source modprobe Source Path modprobe Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.9.11-200.fc25.x86_64 #1 SMP Mon Feb 20 18:11:59 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-02-24 09:18:12 EST Last Seen 2017-02-24 09:18:12 EST Local ID 04d53641-eb78-4aed-a3da-f945aed9dee7 Raw Audit Messages type=AVC msg=audit(1487945892.113:920): avc: denied { module_load } for pid=5427 comm="modprobe" path="/usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko" dev="dm-1" ino=405904 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=system permissive=0 Hash: modprobe,insmod_t,modules_object_t,system,module_load Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.9.11-200.fc25.x86_64 type: libreport