Description of problem:
Changed GPU Drivers from Nouveau to Nvidia due to Nouveau sometimes crashing at startup and forcing boot to emergency mode. Now I am getting an 'selinux AVC Denial', on checking details it says nvidia-modprobe is being denied access to a directory or file.

Version-Release number of selected component (if applicable):
Unsure.

How reproducible:
Unsure.

Steps to Reproduce:
1. Download Nvidia Drivers. Driver version was Linux x64 / AMD64, v390.48
2. Install Nvidia Drivers using the instructions here: https://www.if-not-true-then-false.com/2015/fedora-nvidia-guide/
3. Reboot and look for selinux errors.

Expected results:
'selinux detects a problem' occurs, and summary mentions nvidia-modprobe.

Additional info:
selinux details report follows:
---------------------------------
SELinux is preventing nvidia-modprobe from add_name access on the directory nvidiactl.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that nvidia-modprobe should be allowed add_name access on the nvidiactl directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'nvidia-modprobe' --raw | audit2allow -M my-nvidiamodprobe
# semodule -X 300 -i my-nvidiamodprobe.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:device_t:s0
Target Objects                nvidiactl [ dir ]
Source                        nvidia-modprobe
Source Path                   nvidia-modprobe
Port                          <Unknown>
Host                          rolandjamesaskew-com
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-283.30.fc27.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rolandjamesaskew-com
Platform                      Linux rolandjamesaskew-com 4.15.17-300.fc27.x86_64 #1 SMP Thu Apr 12 18:19:17 UTC 2018 x86_64 x86_64
Alert Count                   48
First Seen                    2018-04-08 12:47:01 NZST
Last Seen                     2018-04-24 10:04:28 NZST
Local ID                      a77ba779-1a9a-43ba-9bc4-96b7ec5d6fec

Raw Audit Messages
type=AVC msg=audit(1524521068.962:196): avc: denied { add_name } for pid=1798 comm="nvidia-modprobe" name="nvidiactl" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0

Hash: nvidia-modprobe,xdm_t,device_t,dir,add_name
-----------------------------
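
Added example, not part of the original report or of any Fedora tooling: a small Python parser for the raw AVC record quoted above. It rebuilds the `Hash:` tuple and shows the policy rule a local module for this denial would carry, so the scope of the rule can be reviewed before `semodule -i`. The names `parse_avc`, `denial_key`, `allow_rule`, `review` and the `GENERIC_TARGETS` set are hypothetical choices made for this example.

```python
import re

# Raw AVC record as quoted in the report above.
RAW = ('type=AVC msg=audit(1524521068.962:196): avc: denied { add_name } for pid=1798 '
       'comm="nvidia-modprobe" name="nvidiactl" '
       'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption for this example: target types treated as generic and worth a closer look.
GENERIC_TARGETS = {"device_t", "unlabeled_t"}

def parse_avc(line):
    """Split one AVC record into its key=value fields plus the permission list."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["verdict"] = m.group("verdict")
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the level may itself contain colons.
    for key in ("scontext", "tcontext"):
        fields[key + "_type"] = fields[key].split(":", 3)[2]
    return fields

def denial_key(f):
    """Same tuple as the report's 'Hash:' line: comm, source type, target type, class, perms."""
    return ",".join([f["comm"], f["scontext_type"], f["tcontext_type"], f["tclass"], *f["perms"]])

def allow_rule(f):
    """Type-enforcement rule that would permit exactly this access."""
    perms = f["perms"]
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {f['scontext_type']} {f['tcontext_type']}:{f['tclass']} {p};"

def review(f):
    """Points to check before loading a local module built from this denial."""
    notes = []
    if f["tcontext_type"] in GENERIC_TARGETS:
        notes.append(f"target type {f['tcontext_type']} is a generic label; "
                     "the rule covers every object carrying it, not only " + f.get("name", "?"))
    if f.get("permissive") == "0":
        notes.append("permissive=0: the access was blocked, not just logged")
    return notes

if __name__ == "__main__":
    rec = parse_avc(RAW)
    print(denial_key(rec), allow_rule(rec), *review(rec), sep="\n")
```
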
selinux-policy-3.13.1-283.35.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a57dc63c1
selinux-policy-3.13.1-283.35.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a57dc63c1
selinux-policy-3.13.1-283.35.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.