Bug 242496

Summary: Selinux is stopping the nvidia-legacy driver from starting
Product: [Fedora] Fedora Reporter: Martin Thain <martinthain99>
Component: udevAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: 7CC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-04 19:57:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
startup logs none

Description Martin Thain 2007-06-04 15:24:25 UTC
Description of problem:

Selinux is stopping the nvidia-legacy driver from starting.

Version-Release number of selected component (if applicable):
Linux skywalker 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:35:01 EDT 2007 i686 i686
i386 GNU/Linux
xorg-x11-drv-nvidia-legacy-1.0.7185-2.lvn7
kmod-nvidia-legacy-1.0.7185-2.2.6.21_1.3194.fc7


How reproducible:

every time

Steps to Reproduce:
1. upgrade FC6 to F7
2. attempt to start F7 - fails at udev time 
3. NOTE if SElinux id disabled the driver starts OK
  
Actual results:
X fails to start

Expected results:
X should start

Additional info:
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:4): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia0" dev=dm-0 ino=6874607
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:5): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia1" dev=dm-0 ino=6874669
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:6): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia2" dev=dm-0 ino=6874701
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:7): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia3" dev=dm-0 ino=6874704
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:8): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidiactl" dev=dm-0 ino=6874774
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Comment 1 Martin Thain 2007-06-04 15:24:26 UTC
Created attachment 156085 [details]
startup logs

Comment 2 Daniel Walsh 2007-06-04 19:57:11 UTC

*** This bug has been marked as a duplicate of 241712 ***

Comment 3 Martin Thain 2007-06-05 11:35:54 UTC
A better work around I found was to
1) remove the xorg-x11-drv-nvidia-legacy-1.0.7185-2.lvn7 and
kmod-nvidia-legacy-1.0.7185-2.2.6.21_1.3194.fc7 packages
2) download the driver utility from www.nvidia.com/object/unix.html (get the
correct one for your nvidia chipset)
3) yum install kernel-devel and gcc (if not already present)
4) run driver package utility (after chmod 755) 
5) startx , enable selinux
6) reboot - normal service resumes [Nvidia driver runs with SELINUX enabled]

The nvidia package copes with SELinux where the rpm does not.