Red Hat Bugzilla – Bug 978615
Quake Live falls back to software rendering on HD 4000 graphics with setenforce 1
Last modified: 2013-07-06 21:33:25 EDT
This is Fedora 19 beta + all updates, mostly from "fedora" repo (so I assume it's basically F19 proper by now).
The system has i5-3317U CPU with HD 4000 graphics.
Quake Live (http://www.quakelive.com/) loads but works with like 5 fps on this system, gfxinfo shows Gallium/llvmpipe rendering.
I couldn't figure out what's the problem, as games like Neverball and Xonotic worked ok, not to mention glxinfo and glxgears. So I've tried setenforce 0 and voila - everything works! So it must be SELinux-related.
Maybe it's because libGL loads /usr/lib64/dri/i965_dri.so to which Firefox probably isn't allowed access? I really don't know.
I don't know where to get correct info about SELinux denials for this. Can you tell me where to look?
ausearch -m avc -ts recent
[root@ponton ~]# ausearch -m avc -ts recent
That explains no setroubleshoot whinge, I guess.
It's not a coincidence though, I can always fix this with setenforce 0 and break again by setting 1...
selinuxuser_direct_dri_enabled --> on
As I wrote in the original submission, everything OpenGL-related (including games like Xonotic) works. It's only Quake Live having a problem, presumably because it works from plugin-container, from Firefoxes context.
# semodule -DB
# ausearch -m avc,user_avc -ts recent
# grep context /var/log/messages
Currently we dont allow mozilla_plugin_t to use the /dev/dri type devices.
If you install and compile this policy, I bet it will work better
# cat > myfirefox.te << _EOF
# make -f /usr/share/selinux/devel/Makefile
# semodule -i myfirefox.pp
↑ That set of commands worked (with \` ;)). I can play in Enforcing mode now.
I guess that answers Miroslav's needinfo as well...
Can this be made into permanent policy update?
Will cause the plugins to use the selinuxuser_direct_dri_enabled boolean, which should be on by default.
selinux-policy-3.12.1-59.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-59.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.12.1-59.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.