Bug 732221
Summary: | Please add /dev/nvidia0 and /dev/nvidiactl to /etc/selinux/restorecond.conf for nvidia user | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> |
Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | dwalsh, eparis, mgrepl, vshebordaev |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-11-07 22:58:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
sangu
2011-08-21 00:16:28 UTC
Sorry, my mistake. bug 694918, comment 1 Well it should work in F16 without restorecond. what does # rpm -q selinux-policy show (In reply to comment #2) > Well it should work in F16 without restorecond. > > what does > > # rpm -q selinux-policy > > show $ rpm -q selinux-policy selinux-policy-3.10.0-18.fc16.noarch and you end up with /dev/nvidia0 labeled as device_t always? This is strange. What process is creating these devices? maybe one could determine what is creating these files by adding the following line to /etc/audit/audit.rules -a exit,always -F path=/dev/nvidiact -F perm=rwxa make sure audit is enabled and reboot. attach /var/log/audit/audit.log and hopefully we can see what is creating it.... (In reply to comment #5) > What process is creating these devices? Well, I guess it is their Xorg server module that creates those /dev entries via inotify() as long as their kernel module does nothing special but register_chrdev() completely bypassing kobject infrastructure. So, it seems that proper restorecond configuration currently is the only way to set the correct security labels. I also confirm that as of 07-NOV-11 this nasty bug persists in Fedora 16 closing as a dup, fixed in selinux-policy-3.10.0-52.fc16.noarch *** This bug has been marked as a duplicate of bug 748069 *** |