Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.8
Component/s: pcp
Labels:
None

Regression:
No
Severity:
Low
sprint_count:
1

AssignedTeam:
rhel-pt-pcp
Sub-System Group:

ssg_platform_tools

Story Points:
1
ACKs Check:

QE ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
PT PCP Splitted

Preliminary Testing:
None
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:
Architecture:

x86_64

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

When pcp-pmda-nvidia-gpu is installed together with CUDA and libnvidia-ml, it generates AVC records. IMO these AVCs are not generated by pcp-pmda-nvidia-gpu, but by the libnvidia-ml library.

What is the impact of this issue to you?

Selinux AVC records

Please provide the package NVR for which the bug is seen:

pcp-6.3.7-5.el9

How reproducible is this bug?:

Always on x86_64 arch with CUDA and libnvidia-ml installed.

Steps to reproduce

Install CUDA and libnvidia-ml
Install and register pcp-pmda-nvidia-gpu
Start pmcd
Fetch some nvidia metrics
```
pminfo -f nvidia
```

Check for AVC
```
ausearch -m AVC
audit2allow -a
```

Expected results

No AVC record is generated.

Actual results

The following AVC records are generated:

# audit2allow -a
#============= pcp_pmcd_t ==============
allow pcp_pmcd_t device_t:chr_file ioctl;
allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl open read write };

# ausearch -m AVC
type=PROCTITLE msg=audit(1764851493.253:2910): proctitle=2F7661722F6C69622F7063702F706D6461732F6E76696469612F706D64616E7669646961002D6400313230
type=SYSCALL msg=audit(1764851493.253:2910): arch=c000003e syscall=16 success=yes exit=0 a0=9 a1=c04846d2 a2=7fff72d79650 a3=0 items=0 ppid=114838 pid=122533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764851493.253:2910): avc:  denied  { ioctl } for  pid=122533 comm="pmdanvidia" path="/dev/nvidiactl" dev="devtmpfs" ino=1564 ioctlcmd=0x46d2 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
type=SYSCALL msg=audit(1764857556.036:1708): arch=c000003e syscall=257 success=yes exit=10 a0=ffffff9c a1=7ffef589f6e0 a2=80802 a3=0 items=0 ppid=51892 pid=52906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764857556.036:1708): avc:  denied  { open } for  pid=52906 comm="pmdanvidia" path="/dev/nvidia0" dev="devtmpfs" ino=1689 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1764857556.036:1708): avc:  denied  { read write } for  pid=52906 comm="pmdanvidia" name="nvidia0" dev="devtmpfs" ino=1689 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=1
time->Thu Dec  4 14:12:36 2025
type=PROCTITLE msg=audit(1764857556.036:1709): proctitle=2F7661722F6C69622F7063702F706D6461732F6E76696469612F706D64616E7669646961002D6400313230
type=SYSCALL msg=audit(1764857556.036:1709): arch=c000003e syscall=16 success=yes exit=0 a0=a a1=c00846da a2=7ffef589f810 a3=7ffef58a0690 items=0 ppid=51892 pid=52906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764857556.036:1709): avc:  denied  { ioctl } for  pid=52906 comm="pmdanvidia" path="/dev/nvidia0" dev="devtmpfs" ino=1689 ioctlcmd=0x46da scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=1
type=PROCTITLE msg=audit(1764857566.843:1875): proctitle=2F7661722F6C69622F7063702F706D6461732F6E76696469612F706D64616E7669646961002D6400313230
type=SYSCALL msg=audit(1764857566.843:1875): arch=c000003e syscall=16 success=yes exit=0 a0=9 a1=c04846d2 a2=7ffea19eeb50 a3=0 items=0 ppid=51892 pid=57340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pmdanvidia" exe="/usr/libexec/pcp/pmdas/nvidia/pmdanvidia" subj=system_u:system_r:pcp_pmcd_t:s0 key=(null)
type=AVC msg=audit(1764857566.843:1875): avc:  denied  { ioctl } for  pid=57340 comm="pmdanvidia" path="/dev/nvidiactl" dev="devtmpfs" ino=1525 ioctlcmd=0x46d2 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1

Assignee:: pcp-maint

Reporter:: Jan Kurik

Developer:: pcp-maint

QA Contact:: Jan Kurik

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2025/12/04 2:14 PM

Updated:: 2025/12/15 3:45 PM

Stale Date:: 2026/12/14

Details

Description

What were you trying to do that didn't work?

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Steps to reproduce

Expected results

Actual results

Attachments

Easy Agile Planning Poker

Activity

People

Dates