Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 161920 - After selinux-policy-targeted 1.17.30-3.13 installs, X fails with NVIDIA drivers
Summary: After selinux-policy-targeted 1.17.30-3.13 installs, X fails with NVIDIA drivers
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-28 14:18 UTC by Greg Swallow
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version: 1.17.30-3.16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-08-19 09:53:22 UTC


Attachments (Terms of Use)

Description Greg Swallow 2005-06-28 14:18:14 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

Description of problem:
Hi,

Here's what happened in our yum.log:

Jun 24 05:36:55 Installed: kernel.i686 2.6.11-1.35_FC3
Jun 25 04:46:50 Updated: HelixPlayer.i386 1:1.0.5-0.fc3.2
Jun 27 08:15:12 Updated: selinux-policy-targeted.noarch 1.17.30-3.13

Then, the NVIDIA drivers broke.  When I tried to start X it failed:

Jun 27 09:57:08 otto kernel: audit(1119884228.752:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:08 otto fstab-sync[4633]: added mount point /media/floppy for /dev/fd0
Jun 27 09:57:09 otto kernel: audit(1119884229.269:0): avc:  denied  { execmod } for  pid=4491 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:10 otto gdm[4476]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0
Jun 27 09:57:14 otto kernel: audit(1119884234.127:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/lib/tls/libnvidia-tls.so.1.0.7174 dev=hda2 ino=642018 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file
Jun 27 09:57:14 otto kernel: audit(1119884234.168:0): avc:  denied  { execmod } for  pid=4670 comm=X path=/usr/X11R6/lib/modules/drivers/nvidia_drv.so dev=hda2 ino=898067 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t tclass=file

Disabling selinux in grub.conf fixes the issue.  Additionally, trying to reinstall the NVIDIA drivers (in case it were a kernel/driver mismatch) failed, too:

Jun 28 08:25:42 otto kernel: audit(1119965142.703:0): avc:  denied  { execmod } for  pid=6959 comm=nv-tmp-ymFwAI path=/tmp/nv-tmp-6qnCcG dev=hda2 ino=457526 scontext=root:system_r:unconfined_t tcontext=root:object_r:tmp_t tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.13 kernel-2.6.11-1.35_FC3 NVIDIA-Linux-x86-1.0-7667

How reproducible:
Always

Steps to Reproduce:
1. Enable selinux
2. Try to start X with nvidia drivers installed
3.
  

Actual Results:  X wouldn't start.

Expected Results:  X should start.

Additional info:

Comment 1 Daniel Walsh 2005-07-03 15:20:49 UTC
Fixed in selinux-policy-targeted-1.17.30-3.16

Comment 2 Walter Justen 2005-08-19 09:53:22 UTC
update package is published


Note You need to log in before you can comment on or make changes to this bug.