Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 161920

Summary: After selinux-policy-targeted 1.17.30-3.13 installs, X fails with NVIDIA drivers
Product: [Fedora] Fedora Reporter: Greg Swallow <gswallow>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3CC: walt
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 1.17.30-3.16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-19 09:53:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Greg Swallow 2005-06-28 14:18:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

Description of problem:
Hi,

Here's what happened in our yum.log:

Jun 24 05:36:55 Installed: kernel.i686 2.6.11-1.35_FC3
Jun 25 04:46:50 Updated: HelixPlayer.i386 1:1.0.5-0.fc3.2
Jun 27 08:15:12 Updated: selinux-policy-targeted.noarch 1.17.30-3.13

Then, the NVIDIA drivers broke.  When I tried to start X it failed:

Jun 27 09:57:08 otto kernel: audit(1119884228.752:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:08 otto fstab-sync[4633]: added mount point /media/floppy for /dev/fd0
Jun 27 09:57:09 otto kernel: audit(1119884229.269:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:10 otto gdm[4476]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0
Jun 27 09:57:14 otto kernel: audit(1119884234.127:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:14 otto kernel: audit(1119884234.168:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file

Disabling selinux in grub.conf fixes the issue.  Additionally, trying to reinstall the NVIDIA drivers (in case it were a kernel/driver mismatch) failed, too:

Jun 28 08:25:42 otto kernel: audit(1119965142.703:0): avc:  denied  { execmod } for  pid=6959 comm=nv-tmp-ymFwAI path=/tmp/nv-tmp-6qnCcG dev=hda2 ino=457526 scontext=root:system_r:unconfined_t tcontext=root:object_r:tmp_t tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.13 kernel-2.6.11-1.35_FC3 NVIDIA-Linux-x86-1.0-7667

How reproducible:
Always

Steps to Reproduce:
1. Enable selinux
2. Try to start X with nvidia drivers installed
3.
  

Actual Results:  X wouldn't start.

Expected Results:  X should start.

Additional info:

Comment 1 Daniel Walsh 2005-07-03 15:20:49 UTC
Fixed in selinux-policy-targeted-1.17.30-3.16

Comment 2 Walter Justen 2005-08-19 09:53:22 UTC
update package is published