Discussion:
selinux-policy-3.14.1-25 causes issues with nVidia drivers and sddm
Ed Greshko
2018-05-24 08:28:15 UTC
Permalink
Hi,

Updating to  selinux-policy-3.14.1-25 causes systems running KDE and sddm to boot to
a blank screen with only a mouse cursor.

This is the relevant AVC which seems to be the issue.

type=AVC msg=audit(1527130068.596:164): avc:  denied  { map } for  pid=1205
comm="sddm-greeter" path="/dev/nvidiactl" dev="devtmpfs" ino=17300
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0

Should this be fixed in selinux or should the nVidia packager do something?
--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Lukas Vrabec
2018-05-24 12:03:40 UTC
Permalink
Post by Ed Greshko
Hi,
Updating to  selinux-policy-3.14.1-25 causes systems running KDE and sddm to boot to
a blank screen with only a mouse cursor.
HI,

I already know about this issue, right now building new packages and
will be in koji ASAP.

Lukas.
Post by Ed Greshko
This is the relevant AVC which seems to be the issue.
type=AVC msg=audit(1527130068.596:164): avc:  denied  { map } for  pid=1205
comm="sddm-greeter" path="/dev/nvidiactl" dev="devtmpfs" ino=17300
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0
Should this be fixed in selinux or should the nVidia packager do something?
_______________________________________________
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
Ed Greshko
2018-05-24 12:49:28 UTC
Permalink
Post by Lukas Vrabec
Post by Ed Greshko
Hi,
Updating to  selinux-policy-3.14.1-25 causes systems running KDE and sddm to boot to
a blank screen with only a mouse cursor.
HI,
I already know about this issue, right now building new packages and
will be in koji ASAP.
Lukas.
Great.

Thanks!
--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Ed Greshko
2018-05-24 13:08:57 UTC
Permalink
Post by Lukas Vrabec
I already know about this issue, right now building new packages and
will be in koji ASAP.
If selinux-policy.noarch 3.14.1-28 was supposed to fix the issue, it doesn't.

Falling back to 3.14.1-24
--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Lukas Vrabec
2018-05-24 14:30:30 UTC
Permalink
Post by Ed Greshko
Post by Lukas Vrabec
I already know about this issue, right now building new packages and
will be in koji ASAP.
If selinux-policy.noarch 3.14.1-28 was supposed to fix the issue, it doesn't.
Falling back to 3.14.1-24
Could you please test following builds?

https://koji.fedoraproject.org/koji/buildinfo?buildID=1084439

Thanks,
Lukas.
Post by Ed Greshko
_______________________________________________
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
Ed Greshko
2018-05-24 14:45:37 UTC
Permalink
Post by Lukas Vrabec
Post by Ed Greshko
Post by Lukas Vrabec
I already know about this issue, right now building new packages and
will be in koji ASAP.
If selinux-policy.noarch 3.14.1-28 was supposed to fix the issue, it doesn't.
Falling back to 3.14.1-24
Could you please test following builds?
https://koji.fedoraproject.org/koji/buildinfo?buildID=1084439
Yes, that works just fine.

Thanks...
--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Loading...