Bug 161920

Summary: After selinux-policy-targeted 1.17.30-3.13 installs, X fails with NVIDIA drivers
Product: [Fedora] Fedora Reporter: Greg Swallow <gswallow>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3CC: walt
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 1.17.30-3.16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-19 09:53:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Greg Swallow 2005-06-28 14:18:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

Description of problem:
Hi,

Here's what happened in our yum.log:

Jun 24 05:36:55 Installed: kernel.i686 2.6.11-1.35_FC3
Jun 25 04:46:50 Updated: HelixPlayer.i386 1:1.0.5-0.fc3.2
Jun 27 08:15:12 Updated: selinux-policy-targeted.noarch 1.17.30-3.13

Then, the NVIDIA drivers broke.  When I tried to start X it failed:

Jun 27 09:57:08 otto kernel: audit(1119884228.752:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:08 otto fstab-sync[4633]: added mount point /media/floppy for /dev/fd0
Jun 27 09:57:09 otto kernel: audit(1119884229.269:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:10 otto gdm[4476]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0
Jun 27 09:57:14 otto kernel: audit(1119884234.127:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:14 otto kernel: audit(1119884234.168:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file

Disabling selinux in grub.conf fixes the issue.  Additionally, trying to reinstall the NVIDIA drivers (in case it were a kernel/driver mismatch) failed, too:

Jun 28 08:25:42 otto kernel: audit(1119965142.703:0): avc:  denied  { execmod } for  pid=6959 comm=nv-tmp-ymFwAI path=/tmp/nv-tmp-6qnCcG dev=hda2 ino=457526 scontext=root:system_r:unconfined_t tcontext=root:object_r:tmp_t tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.13 kernel-2.6.11-1.35_FC3 NVIDIA-Linux-x86-1.0-7667

How reproducible:
Always

Steps to Reproduce:
1. Enable selinux
2. Try to start X with nvidia drivers installed
3.
  

Actual Results:  X wouldn't start.

Expected Results:  X should start.

Additional info:

Comment 1 Daniel Walsh 2005-07-03 15:20:49 UTC
Fixed in selinux-policy-targeted-1.17.30-3.16

Comment 2 Walter Justen 2005-08-19 09:53:22 UTC
update package is published