Summary: SELinux is preventing /usr/bin/boinc_client "open" access to device nvidiactl. Detailed Description: [boinc_client has a permissive type (boinc_t). This access was not denied.] SELinux has denied boinc_client "open" access to device nvidiactl. nvidiactl is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v 'nvidiactl'. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a bg report. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for nvidiactl, you can use chcon -t SIMILAR_TYPE 'nvidiactl', If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE 'nvidiactl' If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a bug report against this application. Allowing Access: Attempt restorecon -v 'nvidiactl' or chcon -t SIMILAR_TYPE 'nvidiactl' Additional Information: Source Context unconfined_u:system_r:boinc_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects nvidiactl [ chr_file ] Source boinc_client Source Path /usr/bin/boinc_client Port <Unknown> Host (removed) Source RPM Packages boinc-client-6.10.45-1.r21128svn.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-15.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name device Host Name (removed) Platform Linux rigel.milky.way 2.6.33.4-95.fc13.x86_64 #1 SMP Thu May 13 05:16:23 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Wed 26 May 2010 10:49:23 PM EDT Last Seen Wed 26 May 2010 10:49:23 PM EDT Local ID 2aa743f5-9116-4e8b-a426-dc5f7b48b749 Line Numbers Raw Audit Messages node=rigel.milky.way type=AVC msg=audit(1274928563.591:35): avc: denied { open } for pid=3041 comm="boinc_client" name="nvidiactl" dev=devtmpfs ino=17479 scontext=unconfined_u:system_r:boinc_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file node=rigel.milky.way type=SYSCALL msg=audit(1274928563.591:35): arch=c000003e syscall=2 success=yes exit=14 a0=7fff01dbc720 a1=2 a2=7fff01dbc72e a3=19 items=0 ppid=1 pid=3041 auid=500 uid=491 gid=472 euid=491 suid=491 fsuid=491 egid=472 sgid=472 fsgid=472 tty=(none) ses=1 comm="boinc_client" exe="/usr/bin/boinc_client" subj=unconfined_u:system_r:boinc_t:s0 key=(null) Hash String generated from device,boinc_client,boinc_t,device_t,chr_file,open audit2allow suggests: #============= boinc_t ============== allow boinc_t device_t:chr_file open;
*** This bug has been marked as a duplicate of bug 596573 ***