-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.6
-
None
-
pcp-6.3.7-1.el9_6
-
No
-
Low
-
1
-
rhel-sst-pt-pcp
-
ssg_platform_tools
-
1
-
Dev ack
-
False
-
-
No
-
PT PCP 2025 S04
-
Pass
-
Automated
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
When pcp-pmda-nvidia-gpu is installed together with libnvidia-ml, it generates AVC records. IMO these AVCs are not generated by pcp-pmda-nvidia-gpu, but by the libnvidia-ml library.
What is the impact of this issue to you?
Selinux AVC records
Please provide the package NVR for which the bug is seen:
pcp-6.3.4-1.el9_6
How reproducible is this bug?:
Always on x86_64 arch with libnvidia-ml installed.
Steps to reproduce
- Install and register pcp-pmda-nvidia-gpu
- Install libnvidia-ml
- Start pmcd
- Fetch some nvidia metrics
pminfo -f nvidia
- Check for AVC
ausearch -m AVC audit2allow -a
Expected results
No AVC record is generated.
Actual results
The following AVC records are generated:
# audit2allow -a
#============= pcp_pmcd_t ==============
allow pcp_pmcd_t device_t:chr_file { create setattr write };
allow pcp_pmcd_t device_t:dir { add_name remove_name write };
allow pcp_pmcd_t device_t:lnk_file { create unlink };
allow pcp_pmcd_t self:capability mknod;
allow pcp_pmcd_t sysctl_vm_t:file { getattr open read };
# ausearch -m AVC ... see the attached ausearch.log file
Note
The AVC records are obviously not generated by the pmda it self, but by the libnvidia-ml library. As this is a 3rd party library which we do not have under control, I would recommend to just document the behavior in README file (man page ?) of the pmda, similarly as in i.e. lio pmda.
- relates to
-
RHEL-80722 Streamline PCP NVIDIA metrics setup with libnvidia-ml dso
-
- Release Pending
-
- links to
-
RHBA-2025:147178
pcp bug fix and enhancement update
