Description of problem:
SELinux is preventing gnome-session-c from read, write access on the chr_file nvidiactl.

***** Plugin device (91.4 confidence) suggests ****************************

If you want to allow gnome-session-c to have read write access on the nvidiactl chr_file
Then sie müssen die Kennzeichnung von nvidiactl auf einen Typ eines ähnlichen Elementes ändern
Do
# semanage fcontext -a -t SIMILAR_TYPE 'nvidiactl'
# restorecon -v 'nvidiactl'

***** Plugin catchall (9.59 confidence) suggests **************************

If sie denken, dass es gnome-session-c standardmässig erlaubt sein sollte, read write Zugriff auf nvidiactl chr_file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep gnome-session-c /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:device_t:s0
Target Objects                nvidiactl [ chr_file ]
Source                        gnome-session-c
Source Path                   gnome-session-c
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-72.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.16.0-1.fc22.x86_64 #1 SMP Mon Aug 4 10:01:23 UTC 2014 x86_64 x86_64
Alert Count                   36
First Seen                    2014-08-09 23:15:36 CEST
Last Seen                     2014-08-15 14:31:11 CEST
Local ID                      ce470f75-9afb-4b42-89b9-188026049c85

Raw Audit Messages
type=AVC msg=audit(1408105871.775:388): avc: denied { read write } for pid=1345 comm="gnome-shell" name="nvidiactl" dev="devtmpfs" ino=18366 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0

Hash: gnome-session-c,xdm_t,device_t,chr_file,read,write

Version-Release number of selected component:
selinux-policy-3.13.1-72.fc22.noarch

Additional info:
reporter:       libreport-2.2.3
hashmarkername: setroubleshoot
kernel:         3.16.0-1.fc22.x86_64
type:           libreport

Potential duplicate: bug 694918
ls -lZ /dev/nvidiactl

Whatever created this device, it created it with the wrong label.

type_transition puppetagent_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition udev_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition kernel_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition authconfig_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition init_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition unconfined_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition sysadm_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition xserver_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition rpm_script_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition pegasus_t device_t : chr_file xserver_misc_device_t "nvidiactl";
type_transition neutron_t device_t : chr_file xserver_misc_device_t "nvidiactl";

Looks like we have lots of domains set up to create this device with the correct label.
*** Bug 1130595 has been marked as a duplicate of this bug. ***
*** Bug 1130519 has been marked as a duplicate of this bug. ***
*** Bug 1130522 has been marked as a duplicate of this bug. ***
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Just faced the issue with Fedora 22.

$ LANG=C ls -lZ /dev/nvidiactl
crw-rw-rw-. 1 root root system_u:object_r:device_t:s0 195, 255 Jul 1 18:01 /dev/nvidiactl

Workaround, just for reference:

$ sudo restorecon -r -vv /dev/nvidiactl
$ sudo restorecon -r -vv /dev/nvidia0

Expected labels:

$ LANG=C ls -lZ /dev/nvidia*
crw-rw-rw-. 1 root root system_u:object_r:xserver_misc_device_t:s0 195, 0 Jul 1 18:01 /dev/nvidia0
crw-rw-rw-. 1 root root system_u:object_r:xserver_misc_device_t:s0 195, 255 Jul 1 18:01 /dev/nvidiactl
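
The triage the comments above arrive at (a device node left with the generic device_t label is fixed by relabelling, not by a local policy module), as an added Python example that is not part of the original bug thread. It runs over the AVC record from the report; the function names and the triage rule are assumptions of this example, as is treating the AVC name field as a node directly under /dev.

```python
import re

# AVC record copied from the report above; no system access is needed.
SAMPLE_AVC = (
    'type=AVC msg=audit(1408105871.775:388): avc: denied { read write } for '
    'pid=1345 comm="gnome-shell" name="nvidiactl" dev="devtmpfs" ino=18366 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may contain ':' itself,
    # so take the third field rather than splitting from the right.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec


def triage(rec):
    """Heuristic (assumption of this example): a device node on devtmpfs that
    still has the generic device_t type was never given its specific label,
    so the fix is to relabel it, not to widen policy with audit2allow."""
    if (rec['tclass'] in ('chr_file', 'blk_file')
            and rec['ttype'] == 'device_t'
            and rec.get('dev') == 'devtmpfs'):
        return 'relabel', 'restorecon -v /dev/' + rec['name']
    return 'review', 'inspect policy before considering audit2allow'


if __name__ == '__main__':
    record = parse_avc(SAMPLE_AVC)
    print(record['stype'], '->', record['ttype'], record['perms'])
    print(*triage(record), sep=': ')
```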
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.