Zypper dup and selinux problem with nvidia

@marel Thanks for catching that.
Typo on my part. It is ok now. :grinning:

Here is the SELinux result this morning with:

sudo ausearch -c 'nvidia-modprobe'
time->Tue Mar 17 10:33:38 2026
type=AVC msg=audit(1773758018.540:232): avc:  denied  { sys_admin } for  pid=10972 comm="nvidia-modprobe" capability=21  scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0

@conram So update your bug report accordingly.

I filed a bug report:
1259809 – Selinux nvidia-modprobe

Something seems off with your system: thumb_t is used for thumbnail generation, from the git commit introducing it to the selinux policy:

Add comprehensive SELinux policy module for bwrap thumbnail generation
    
Thumbnail services (Tumbler/GNOME Desktop Thumbnailer) use bwrap
(bubblewrap) to generate thumbnails in a secure sandbox, e.g. when
taking screenshots or viewing images in the file manager (Thunar/GNOME Files).

I wonder how nvidia-modprobe can even end up in that selinux context. Can you add to the bug the output of:

sudo semanage module -C -l

My suspicion is that you added a lot of additional rules that break SELinux context transitions.
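The AVC denial quoted earlier in this thread, decoded field by field, as an added example that is not part of the original posts. The function names `parse_avc` and `split_context` are illustrative; the record is the one from the `ausearch` output above.

```python
import re

# AVC record copied from the ausearch output quoted in this thread.
SAMPLE = (
    'type=AVC msg=audit(1773758018.540:232): avc:  denied  { sys_admin } for  '
    'pid=10972 comm="nvidia-modprobe" capability=21  '
    'scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 '
    'tclass=capability permissive=0'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def split_context(ctx):
    """Split user:role:type[:range]; the MLS/MCS range may itself contain ':'."""
    user, role, type_, *mls = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'range': mls[0] if mls else None}


def parse_avc(line):
    """Return the fields of one AVC record that matter when triaging a denial."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    verdict, perms, rest = m.groups()
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(rest)}
    return {
        'verdict': verdict,
        'perms': perms.split(),
        'comm': fields.get('comm'),
        'pid': int(fields['pid']) if 'pid' in fields else None,
        'tclass': fields.get('tclass'),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
        # permissive=0 means the denial was enforced, not merely logged
        'enforced': fields.get('permissive') == '0',
        # identical contexts: the process was denied a permission on itself
        'self_access': fields['scontext'] == fields['tcontext'],
    }


if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(f"{rec['comm']} running as {rec['source']['type']} was {rec['verdict']} "
          f"{rec['perms']} on class {rec['tclass']} (enforced={rec['enforced']})")
```

The `source` type is the domain the process was running in when the denial was logged, which is the field the question about `thumb_t` turns on.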

Hi @rfrohl
No, I didn’t add any rules on SELinux.
When Tumbleweed replaced AppArmor with SELinux, I removed AppArmor and replaced it with SELinux. This Tumbleweed is using it as is, without any modification.

This is the output of

sudo semanage module -C -l
Module Name               Priority  Language

I will add this in my bug report.
Thanks.
