Unable to use gdm, SELinux is preventing gnome-session-c from 'map' accesses on the chr_file /dev/nvidiactl
Issue
GDM fails to start, and the following denials appear in the audit logs:
type=PROCTITLE msg=audit(xxx) : proctitle=/usr/bin/gnome-shell
type=PATH msg=audit(xxx) : item=0 name=/dev/nvidiactl inode=170050 dev=00:05 mode=character,666 ouid=root ogid=root rdev=c3:ff obj=system_u:object_r:device_t:s0 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=CWD msg=audit(xxx) : cwd=/var/lib/gdm
type=SYSCALL msg=audit(xxx) : arch=x86_64 syscall=open success=no exit=EACCES(Permission denied) a0=0x7ffd12190330 a1=O_RDWR a2=0x7ffd1219033e ae=0x7ffd1218fd60 items=1 ppid=15804 pid=15872 auid=unset uid=gdm gid=gdm euid=gdm suid=gdm gsuid=gdm egid=gdm sgid=gdm fsgid=gdm tty=(none) ses=unset comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit (xxx): avc: denied { read write } for pid=xxx comm="gnome-shell" name="nvidiactl" dev="devtmpfs" ino=170050 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0
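Added example, not part of the original article: a small Python parser that reads the AVC record above and reports which domain was denied which permissions on which object, flagging device nodes whose target type is only the generic device_t. The function names are illustrative assumptions; the sample line is copied from the record above.

```python
import re

# AVC record copied from the Issue section; "xxx" placeholders kept as on the page.
PAGE_AVC = (
    'type=AVC msg=audit (xxx): avc: denied { read write } for pid=xxx '
    'comm="gnome-shell" name="nvidiactl" dev="devtmpfs" ino=170050 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
GENERIC_DEV_TYPE = "device_t"  # reference-policy default type for /dev nodes
DEVICE_CLASSES = {"chr_file", "blk_file"}

def context_type(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC audit record into a dict, or return None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    rec["source_type"] = context_type(rec.get("scontext", ""))
    rec["target_type"] = context_type(rec.get("tcontext", ""))
    return rec

def triage(line):
    """Summarise a denial and flag device nodes that carry only the generic label."""
    rec = parse_avc(line)
    if rec is None or rec["result"] != "denied":
        return None
    return {
        "who": f'{rec.get("comm")} ({rec["source_type"]})',
        "what": f'{" ".join(rec["perms"])} on {rec.get("tclass")} {rec.get("name")}',
        "target_type": rec["target_type"],
        "enforced": rec.get("permissive") == "0",
        "generic_device_label": rec.get("tclass") in DEVICE_CLASSES
        and rec["target_type"] == GENERIC_DEV_TYPE,
    }

if __name__ == "__main__":
    print(triage(PAGE_AVC))
```

When generic_device_label is true, compare the node's current label (ls -Z /dev/nvidiactl) with the label the loaded policy expects for that path (matchpathcon /dev/nvidiactl).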
Environment
- Red Hat Enterprise Linux 7.x