242496 – Selinux is stopping the nvidia-legacy driver from starting

Bug 242496 - Selinux is stopping the nvidia-legacy driver from starting

Summary: Selinux is stopping the nvidia-legacy driver from starting

Keywords:
Status:	CLOSED DUPLICATE of bug 241712
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	udev
Sub Component:
Version:	7
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-04 15:24 UTC by Martin Thain
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-06-04 19:57:11 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
startup logs (818.47 KB, application/octet-stream) 2007-06-04 15:24 UTC, Martin Thain	no flags	Details
View All

Description Martin Thain 2007-06-04 15:24:25 UTC

Description of problem:

Selinux is stopping the nvidia-legacy driver from starting.

Version-Release number of selected component (if applicable):
Linux skywalker 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:35:01 EDT 2007 i686 i686
i386 GNU/Linux
xorg-x11-drv-nvidia-legacy-1.0.7185-2.lvn7
kmod-nvidia-legacy-1.0.7185-2.2.6.21_1.3194.fc7


How reproducible:

every time

Steps to Reproduce:
1. upgrade FC6 to F7
2. attempt to start F7 - fails at udev time 
3. NOTE if SElinux id disabled the driver starts OK
  
Actual results:
X fails to start

Expected results:
X should start

Additional info:
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:4): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia0" dev=dm-0 ino=6874607
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:5): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia1" dev=dm-0 ino=6874669
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:6): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia2" dev=dm-0 ino=6874701
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:7): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidia3" dev=dm-0 ino=6874704
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file
Jun  4 15:29:19 skywalker kernel: audit(1180967326.280:8): avc:  denied  {
getattr } for  pid=418 comm="cp" name="nvidiactl" dev=dm-0 ino=6874774
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:etc_t:s0 tclass=chr_file

Comment 1 Martin Thain 2007-06-04 15:24:26 UTC

Created attachment 156085 [details]
startup logs

Comment 2 Daniel Walsh 2007-06-04 19:57:11 UTC


*** This bug has been marked as a duplicate of 241712 ***

Comment 3 Martin Thain 2007-06-05 11:35:54 UTC

A better work around I found was to
1) remove the xorg-x11-drv-nvidia-legacy-1.0.7185-2.lvn7 and
kmod-nvidia-legacy-1.0.7185-2.2.6.21_1.3194.fc7 packages
2) download the driver utility from www.nvidia.com/object/unix.html (get the
correct one for your nvidia chipset)
3) yum install kernel-devel and gcc (if not already present)
4) run driver package utility (after chmod 755) 
5) startx , enable selinux
6) reboot - normal service resumes [Nvidia driver runs with SELINUX enabled]

The nvidia package copes with SELinux where the rpm does not.

Note You need to log in before you can comment on or make changes to this bug.