Description of problem: I booted Fedora-KDE-Live-x86_64-Rawhide-20220624.n.1.iso in a Gnome Boxes QEMU/KVM VM with 3 GB RAM and EFI enabled. plymouthd was denied reading and writing to /dev/dri/card1 while booting. AVC avc: denied { read write } for pid=995 comm="plymouthd" name="card1" dev="devtmpfs" ino=469 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0 ls -lZi /dev/dri/card1 showed that it had dri_device_t type in the VM, but the target context type was xserver_misc_device_t in the denial message. These denials happened both with 3D acceleration disabled using the llvmpipe mesa driver and virtio GPU and 3D acceleration enabled using the virgl mesa driver. The denials didn't appear to happen when I booted the same image on bare metal from a USB flash drive using the radeonsi mesa driver and amdgpu kernel driver with an integrated AMD Radeon R5 GPU. Version-Release number of selected component (if applicable): selinux-policy-37.5-1.fc37.noarch kernel-5.19.0-0.rc3.20220623gitde5c208d533a.29.fc37.x86_64 plymouth-22.02.122-1.fc37 mesa-22.1.2-1.fc37 How reproducible: The denials happened most of the time when booting Fedora-KDE-Live-x86_64-Rawhide-20220624.n.1.iso in a GNOME Boxes QEMU/KVM VM. I think they didn't appear if I had pressed Esc while the plymouth screen was shown during boot. Steps to Reproduce: 1. Boot a Fedora 36 KDE Plasma installation 2. Log in to Plasma on Wayland 3. download Fedora-KDE-Live-x86_64-Rawhide-20220624.n.1.iso from https://koji.fedoraproject.org/koji/buildinfo?buildID=1993562 4. install GNOME Boxes if it isn't already with sudo dnf install gnome-boxes 5. start GNOME Boxes 6. boot a QEMU/KVM VM in GNOME Boxes using Fedora-KDE-Live-x86_64-Rawhide-20220624.n.1.iso with 3 GB RAM and EFI enabled Actual results: plymouthd was denied reading and writing to /dev/dri/card1 while booting Rawhide in a VM Expected results: No denials would happen. Additional info:
Start Fedora-KDE-Live Rawhide must be selected in GRUB for this denial to appear in the journal because the plymouth screen with the spinner appears with this option as it has rhgb on the kernel command line. When Test this media & start Fedora-KDE-Live Rawhide (the default) is selected in GRUB, the plymouth screen with the spinner doesn't appear because rhgb isn't on the kernel command line, and the denial doesn't appear in the journal. This denial still happens with Fedora-KDE-Live-x86_64-Rawhide-20220725.n.1.iso.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle. Changing version to 37.
FEDORA-2023-e74ea79879 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e74ea79879
FEDORA-2023-e74ea79879 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e74ea79879` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e74ea79879 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-e74ea79879 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.