Bug 242102 - kmod-nvidia udev_t selinux policy problem by F7
Status: CLOSED DUPLICATE of bug 241712
Alias: None
Product: Fedora
Classification: Fedora
Component: udev   
Version: rawhide
Hardware: i386
OS: Linux
low
medium
Assignee: Harald Hoyer
Reported: 2007-06-01 17:51 UTC by aldoem
Modified: 2007-11-30 22:12 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-06-04 15:44:21 UTC

Description aldoem 2007-06-01 17:51:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.4) Gecko/20070530 Fedora/2.0.0.4-1.fc7 Firefox/2.0.0.4

Description of problem:
kmod-nvidia from Livna with the Fedora 7 kernel 2.6.21-1.3194.fc7 crashes the X server. Cause:
Jun  1 01:31:13 fedora kernel: audit(1180654249.239:4): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidia0" dev=sda4 ino=278538 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Jun  1 01:31:13 fedora kernel: audit(1180654249.239:5): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidia1" dev=sda4 ino=278539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Jun  1 01:31:13 fedora kernel: audit(1180654249.239:6): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidia2" dev=sda4 ino=278540 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Jun  1 01:31:13 fedora kernel: audit(1180654249.239:7): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidia3" dev=sda4 ino=278541 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Jun  1 01:31:13 fedora kernel: audit(1180654249.239:8): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidiactl" dev=sda4 ino=278542 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

After audit2allow -d I have:

#============= udev_t ==============
allow udev_t etc_t:chr_file { getattr create setattr };

It must be in the SELinux policy.

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Start the system
2. X server with kmod-nvidia crashes
3. Set SELinux to permissive, then it works

Actual Results:


Expected Results:


Additional info:

Comment 1 Daniel Walsh 2007-06-01 18:01:15 UTC
udev should not be creating devices (chr_file in /etc/). Why aren't these
created in /dev?

Comment 2 aldoem 2007-06-01 18:17:16 UTC
I don't know, I only installed kmod-nvidia from Livna. It only works without SELinux.

Comment 3 Harald Hoyer 2007-06-04 15:44:21 UTC

*** This bug has been marked as a duplicate of 241712 ***
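
One way to triage denials like those in this report, as an added example that is not part of the original bug thread: it groups AVC denials by source type, target type and class, then flags device nodes (chr_file/blk_file) whose target label is not a device type, which is the condition Comment 1 questions. The function names, the device-type heuristic and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines 1-2 are copied from the report above; line 3 is constructed for contrast.
SAMPLE_LOG = '''\
Jun  1 01:31:13 fedora kernel: audit(1180654249.239:4): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidia0" dev=sda4 ino=278538 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  1 01:31:13 fedora kernel: audit(1180654249.239:8): avc:  denied  { getattr } for  pid=408 comm="cp" name="nvidiactl" dev=sda4 ino=278542 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  1 01:31:14 fedora kernel: audit(1180654250.100:9): avc:  denied  { read } for  pid=500 comm="example" name="example.conf" dev=sda4 ino=300000 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
DEVICE_CLASSES = {"chr_file", "blk_file"}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        key = (selinux_type(kv["scontext"]), selinux_type(kv["tcontext"]), kv["tclass"])
        groups[key]["perms"].update(m.group("perms").split())
        groups[key]["names"].add(kv.get("name", "?"))
    return dict(groups)


def mislabeled_device_nodes(groups):
    """Heuristic (assumption): device types are device_t or end in _device_t."""
    return {
        key: info for key, info in groups.items()
        if key[2] in DEVICE_CLASSES
        and not (key[1] == "device_t" or key[1].endswith("_device_t"))
    }


if __name__ == "__main__":
    for (src, tgt, cls), info in mislabeled_device_nodes(summarize(SAMPLE_LOG)).items():
        print(f"{src} -> {tgt}:{cls} {sorted(info['perms'])} on {sorted(info['names'])}")
        print("  device node carries a non-device label; check its path and label before adding an allow rule")
```

A flagged group points at where the node was created or how it was labeled, so that is checked before a rule such as the audit2allow output above is loaded.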

