Bug
Resolution: Unresolved
rhel-10.2
rhel-pt-pcp
ssg_platform_tools
QE ack, Dev ack
x86_64
What were you trying to do that didn't work?
When pcp-pmda-nvidia-gpu is installed together with CUDA and libnvidia-ml, it generates AVC records. IMO these AVCs are not generated by pcp-pmda-nvidia-gpu, but by the libnvidia-ml library.
What is the impact of this issue to you?
SELinux AVC records
Please provide the package NVR for which the bug is seen:
pcp-7.0.3-1.el10
How reproducible is this bug?:
Always on x86_64 arch with CUDA and libnvidia-ml installed.
Steps to reproduce
- Install CUDA and libnvidia-ml
- Install and register pcp-pmda-nvidia-gpu
- Start pmcd
- Fetch some nvidia metrics
    pminfo -f nvidia
- Check for AVC
    ausearch -m AVC
    audit2allow -a
Expected results
No AVC record is generated.
Actual results
The following AVC records are generated:
# audit2allow -a
#============= pcp_pmcd_t ==============
allow pcp_pmcd_t device_t:chr_file ioctl;

# ausearch -m AVC
type=PROCTITLE msg=audit(1764851493.253:2910): proctitle=2F7661722F6C69622F7063702F706D6461732F6E76696469612F706D64616E7669646961002D6400313230
type=SYSCALL msg=audit(1764851493.253:2910): arch=c000003e syscall=16 success=yes exit=0 a0=9 a1=c04846d2 a2=7fff72d79650 a3=0 items=0 ppid=114838 pid=122533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764851493.253:2910): avc: denied { ioctl } for pid=122533 comm="pmdanvidia" path="/dev/nvidiactl" dev="devtmpfs" ino=1564 ioctlcmd=0x46d2 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
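
Added triage example (not part of the original report, and not PCP or audit project code): a short Python script that reads the three records of audit event 2910 quoted above, decodes the hex proctitle, and cross-checks the AVC's ioctlcmd against the SYSCALL record. The function names and the returned dictionary layout are assumptions made for this example.

```python
import re

# The three records of audit event 2910, copied from the report above.
EVENT = """\
type=PROCTITLE msg=audit(1764851493.253:2910): proctitle=2F7661722F6C69622F7063702F706D6461732F6E76696469612F706D64616E7669646961002D6400313230
type=SYSCALL msg=audit(1764851493.253:2910): arch=c000003e syscall=16 success=yes exit=0 a0=9 a1=c04846d2 a2=7fff72d79650 a3=0 items=0 ppid=114838 pid=122533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764851493.253:2910): avc: denied { ioctl } for pid=122533 comm="pmdanvidia" path="/dev/nvidiactl" dev="devtmpfs" ino=1564 ioctlcmd=0x46d2 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
"""

def parse_fields(line):
    """Split one audit record into raw key=value fields (quotes kept)."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))

def decode_proctitle(value):
    """Quoted values are literal; unquoted ones are hex with NUL-separated argv."""
    if value.startswith('"'):
        return [value.strip('"')]
    raw = bytes.fromhex(value)
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def triage(event_text):
    """Summarise one audit event holding PROCTITLE, SYSCALL and AVC records."""
    records, perms = {}, []
    for line in event_text.splitlines():
        fields = parse_fields(line)
        records[fields.get("type")] = fields
        if fields.get("type") == "AVC":
            perms = re.search(r"\{([^}]*)\}", line).group(1).split()
    avc, sc = records["AVC"], records["SYSCALL"]
    ioctlcmd = int(avc["ioctlcmd"], 16)
    # arch c000003e is x86_64, where syscall 16 is ioctl(fd, request, arg);
    # the AVC logs only the low 16 bits of the request passed in a1.
    is_ioctl = sc["arch"] == "c000003e" and sc["syscall"] == "16"
    return {
        "argv": decode_proctitle(records["PROCTITLE"]["proctitle"]),
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "perms": perms,
        "path": avc["path"].strip('"'),
        "ioctlcmd": ioctlcmd,
        "matches_syscall": is_ioctl and int(sc["a1"], 16) & 0xFFFF == ioctlcmd,
        # permissive=1: the access was logged but not blocked
        "enforced": avc["permissive"] == "0",
    }

if __name__ == "__main__":
    for key, value in triage(EVENT).items():
        print(f"{key}: {value}")
```
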