There doesn't seem to be any SELinux policy for the proprietary nvidia drivers, which breaks some stuff. For example, /dev/nvidia{0,ctl} ends up incorrectly labeled on boot, causing me to be unable to start X.org. Running ‘restorecon /dev/nvidia*’ manually after booting resets it to xserver_misc_device_t, which allows me to successfully start X, but other stuff still breaks (for example, mplayer_t cannot create an OpenGL context). Perhaps there's a better label for it? Either way, this probably deserves some attention upstream. Reproducible: Always
We'll need a dev with an nVidia card to supply us with the necessary policy updates :-( The incorrect label of /dev/nvidia* is something we need to look into, because *usually* udev relabels the files it creates in /dev. When is /dev/nvidia* created - is it not at the same time as the other "regular" devices?
I'm not sure how to debug that, but it probably happens when the nvidia module gets loaded. I'm not sure when exactly that is the case. There are some entries in /etc/modprobe.d/nvidia.conf, for that matter. (I'm using eudev rather than udev, in case it makes a difference.)
I'm also experiencing this. I'm not sure what the options are in the modprobe.d conf file, I couldn't find a way to relabel it from there. My DM starts up just fine, but when I go to log in to KDE it doesn't actually allow the WM to function unless I relabel the NVidia-modeset file. It's the modeset device specifically for me, it gets labled as I think misc_dri_t or something along those lines automatically, it needs to be xserver_misc_device_t.
From what I remember, when I used proprietary driver I used selinux_gentoo service which did restorecon on /dev on boot, not sure if it's present on recent systems.
