View Single Post
Old 10-24-11, 04:02 AM   #4
goldmember
Registered User
 
Join Date: Sep 2005
Posts: 24
Default Re: Nvidia 290.03 crashes GDM 3.2.1.1

The problem was definitely SELinux related. GDM was unable to access /dev/nvidiactl, so this could hint to a labeling problem of nvidiactl. I tried it on an updated and a fresh Fedora 16 install and it happened in both cases. Doesn't the NVIDIA installer normally set appropriate exceptions for SELinux? If that's the case, there might be some missing.

Workarounds
1) running GDM as root
2) setenforce 0
3) manually create a policy file. here is the one i've used:


module mypol 1.0;

require {
type device_t;
type xdm_t;
class chr_file { read write ioctl open };
}

#============= xdm_t ==============
#!!!! The source type 'xdm_t' can write to a 'chr_file' of the following types:
# event_device_t, console_device_t, sound_device_t, xserver_misc_device_t, null_device_t, zero_device_t, agp_device_t, apm_bios_t, usb_device_t, devtty_t, virtio_device_t, v4l_device_t, tty_device_t, zero_device_t, dri_device_t

allow xdm_t device_t:chr_file { read write ioctl open };

----
audit.log shows the following (snipplet):
type=AVC msg=audit(1319444701.284:318): avc: denied { open } for pid=2672 comm="gnome-session-c" name="nvidiactl" dev=devtmpfs ino=16116 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1319444701.284:318): arch=c000003e syscall=2 success=yes exit=4 a0=7fff9eb98880 a1=2 a2=7fff9eb9888e a3=7fff9eb98210 items=0 ppid=2671 pid=2672 auid=42 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=6 comm="gnome-session-c" exe="/usr/libexec/gnome-session-check-accelerated-helper" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1319444701.285:319): avc: denied { ioctl } for pid=2672 comm="gnome-session-c" path="/dev/nvidiactl" dev=devtmpfs ino=16116 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1319444701.285:319): arch=c000003e syscall=16 success=yes exit=0 a0=4 a1=c04846d2 a2=7fff9eb98900 a3=7fff9eb98210 items=0 ppid=2671 pid=2672 auid=42 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=6 comm="gnome-session-c" exe="/usr/libexec/gnome-session-check-accelerated-helper" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1319444760.067:524): avc: denied { read write } for pid=2800 comm="gnome-session-c" name="nvidiactl" dev=devtmpfs ino=16116 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:device_t:s0 tclass=chr_file
goldmember is offline   Reply With Quote