This is just a notice to others who may run into this....
I just updated a system where I use the nVidia drivers from rpmfusion. After the update I could not get a login screen. Just a mouse cursor on a black background. I found there to be an selinux AVC.
type=AVC msg=audit(1527130068.596:164): avc: denied { map } for pid=1205 comm="sddm-greeter" path="/dev/nvidiactl" dev="devtmpfs" ino=17300 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0
Ran...
ausearch -c 'sddm-greeter' --raw | audit2allow -M my-sddmgreeter semodule -X 300 -i my-sddmgreeter.pp
to fix the problem.
The transaction of the update was for the following.
Upgraded gstreamer1-1.14.0-1.fc28.x86_64 Upgrade 1.14.1-1.fc28.x86_64 Upgraded ibus-table-1.9.18-2.fc28.noarch Upgrade 1.9.20-1.fc28.noarch Upgraded ibus-table-devel-1.9.18-2.fc28.noarch Upgrade 1.9.20-1.fc28.noarch Erase kernel-4.16.7-300.fc28.x86_64 Install kernel-4.16.10-300.fc28.x86_64 Erase kernel-core-4.16.7-300.fc28.x86_64 Install kernel-core-4.16.10-300.fc28.x86_64 Erase kernel-devel-4.16.7-300.fc28.x86_64 Install kernel-devel-4.16.10-300.fc28.x86_64 Upgraded kernel-headers-4.16.9-300.fc28.x86_64 Upgrade 4.16.10-300.fc28.x86_64 Erase kernel-modules-4.16.7-300.fc28.x86_64 Install kernel-modules-4.16.10-300.fc28.x86_64 Erase kernel-modules-extra-4.16.7-300.fc28.x86_64 Install kernel-modules-extra-4.16.10-300.fc28.x86_64 Erase kmod-nvidia-4.16.7-300.fc28.x86_64-3:390.48-1.fc28.x86_64 Upgraded libepoxy-1.5.1-1.fc28.x86_64 Upgrade 1.5.2-1.fc28.x86_64 Upgraded libgnomekbd-3.26.0-4.fc28.x86_64 Upgrade 3.26.0-5.fc28.x86_64 Upgraded libidn2-2.0.4-7.fc28.x86_64 Upgrade 2.0.5-1.fc28.x86_64 Upgraded libipa_hbac-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libkworkspace5-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded libsss_autofs-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libsss_certmap-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libsss_idmap-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libsss_nss_idmap-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libsss_simpleifp-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libsss_sudo-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded libwacom-0.28-3.fc28.x86_64 Upgrade 0.30-1.fc28.x86_64 Upgraded libwacom-data-0.28-3.fc28.noarch Upgrade 0.30-1.fc28.noarch Upgraded nodejs-1:8.11.0-1.fc28.x86_64 Upgrade 1:8.11.2-1.fc28.x86_64 Upgraded npm-1:5.6.0-1.8.11.0.1.fc28.x86_64 Upgrade 1:5.6.0-1.8.11.2.1.fc28.x86_64 Upgraded pam-1.3.0-10.fc28.x86_64 Upgrade 1.3.1-1.fc28.x86_64 Upgraded plasma-discover-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-2.fc28.x86_64 Upgraded plasma-discover-flatpak-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-2.fc28.x86_64 Upgraded plasma-discover-libs-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-2.fc28.x86_64 Upgraded plasma-lookandfeel-fedora-5.12.5-1.fc28.noarch Upgrade 5.12.5-3.fc28.noarch Upgraded plasma-workspace-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded plasma-workspace-common-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded plasma-workspace-geolocation-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded plasma-workspace-geolocation-libs-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded plasma-workspace-libs-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded plasma-workspace-wayland-5.12.5-1.fc28.x86_64 Upgrade 5.12.5-3.fc28.x86_64 Upgraded python3-sss-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded python3-sssdconfig-1.16.1-4.fc28.noarch Upgrade 1.16.1-8.fc28.noarch Upgraded qt-1:4.8.7-36.fc28.x86_64 Upgrade 1:4.8.7-40.fc28.x86_64 Upgraded qt-common-1:4.8.7-36.fc28.noarch Upgrade 1:4.8.7-40.fc28.noarch Upgraded qt-x11-1:4.8.7-36.fc28.x86_64 Upgrade 1:4.8.7-40.fc28.x86_64 Upgraded sddm-breeze-5.12.5-1.fc28.noarch Upgrade 5.12.5-3.fc28.noarch Upgraded selinux-policy-3.14.1-24.fc28.noarch Upgrade 3.14.1-25.fc28.noarch Upgraded selinux-policy-targeted-3.14.1-24.fc28.noarch Upgrade 3.14.1-25.fc28.noarch Upgraded sssd-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-ad-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-client-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-common-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-common-pac-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-dbus-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-ipa-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-kcm-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-krb5-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-krb5-common-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-ldap-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-nfs-idmap-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-proxy-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded sssd-tools-1.16.1-4.fc28.x86_64 Upgrade 1.16.1-8.fc28.x86_64 Upgraded volume_key-libs-0.3.9-19.fc28.x86_64 Upgrade 0.3.10-1.fc28.x86_64 Upgraded vte-profile-0.52.1-1.fc28.x86_64 Upgrade 0.52.2-1.fc28.x86_64 Upgraded vte291-0.52.1-1.fc28.x86_64
On 05/24/2018 08:57 AM, Ed Greshko wrote:
This is just a notice to others who may run into this....
I just updated a system where I use the nVidia drivers from rpmfusion. After the update I could not get a login screen. Just a mouse cursor on a black background. I found there to be an selinux AVC.
Thanks. I too got hit by this problem and was struggling since yesterday after the update. Couldn't find a solution as I was fixated on the "sddm-greeter crashed" message from systemctl and online searches did not yield any results. So I switched to kdm and booted the machine.
Your solution works great. Thank you again.
Syam
On 05/26/18 09:41, Syam Krishnan wrote:
On 05/24/2018 08:57 AM, Ed Greshko wrote:
This is just a notice to others who may run into this....
I just updated a system where I use the nVidia drivers from rpmfusion. After the update I could not get a login screen. Just a mouse cursor on a black background. I found there to be an selinux AVC.
Thanks. I too got hit by this problem and was struggling since yesterday after the update. Couldn't find a solution as I was fixated on the "sddm-greeter crashed" message from systemctl and online searches did not yield any results. So I switched to kdm and booted the machine.
Your solution works great. Thank you again.
The *real* fix is coming to the repos. Should be in updates-testing. Update to selinux-policy-3.14.1-29 and all will be fine. You can then remove the local module.
On 05/26/2018 07:43 AM, Ed Greshko wrote:
The *real* fix is coming to the repos. Should be in updates-testing. Update to selinux-policy-3.14.1-29 and all will be fine. You can then remove the local module.
Do I need to keep that pp file around till that time? I deleted it (along with a .te file, if I remember correctly) after running semodule. I haven't rebooted since.
Syam
On 05/26/18 11:03, Syam Krishnan wrote:
On 05/26/2018 07:43 AM, Ed Greshko wrote:
The *real* fix is coming to the repos. Should be in updates-testing. Update to selinux-policy-3.14.1-29 and all will be fine. You can then remove the local module.
Do I need to keep that pp file around till that time? I deleted it (along with a .te file, if I remember correctly) after running semodule. I haven't rebooted since.
No need to keep those files around. Once the module is installed it stays installed until removed.
When you update the selinux-policy just do (assuming you did the same commands as I did)
semodule -X 300 -r my-sddmgreeter (This removes the module)
and reboot
-
Ed Greshko -
Syam Krishnan