What is the reaction of selinux to the nvidia driver? Does selinux try to prevent the nvidia driver from being loaded?
Alexander

30.05.2011, 18:47, "Alexander Volovics" a.volovic@upcmail.nl:
> What is the reaction of selinux to the nvidia driver? Does selinux try to prevent the nvidia driver from being loaded?
> Alexander

Nope. I've been using them together and experienced no issues.

On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
> 30.05.2011, 18:47, "Alexander Volovics" a.volovic@upcmail.nl:
>> What is the reaction of selinux to the nvidia driver? Does selinux try to prevent the nvidia driver from being loaded?
> Nope. I've been using them together and experienced no issues.

Thanks. Then I guess I should finally start reading up on selinux and not trust my 'intuition' anymore. I thought the nvidia driver being a "fremdkörper" and all ...
Alexander

On 05/30/2011 06:40 AM, Alexander Volovics wrote:
> On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
>> 30.05.2011, 18:47, "Alexander Volovics" a.volovic@upcmail.nl:
>>> What is the reaction of selinux to the nvidia driver? Does selinux try to prevent the nvidia driver from being loaded?
>> Nope. I've been using them together and experienced no issues.
> Thanks. Then I guess I should finally start reading up on selinux and not trust my 'intuition' anymore. I thought the nvidia driver being a "fremdkörper" and all ...
> Alexander

Sometimes the nvidia driver device can be mislabeled, which can cause SELinux issues. In the past we have had problems with nvidia requiring GUI apps to need execstack and execmem, but we are now allowing these by default.

On Tue, 31 May 2011 10:30:21 -0400, Daniel J Walsh wrote:
> On 05/30/2011 06:40 AM, Alexander Volovics wrote:
>> On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
>>> 30.05.2011, 18:47, "Alexander Volovics" a.volovic@upcmail.nl:
>>>> What is the reaction of selinux to the nvidia driver? Does selinux try to prevent the nvidia driver from being loaded?
>>> Nope. I've been using them together and experienced no issues.
>> Thanks. Then I guess I should finally start reading up on selinux and not trust my 'intuition' anymore. I thought the nvidia driver being a "fremdkörper" and all ...
>> Alexander
> Sometimes the nvidia driver device can be mislabeled, which can cause SELinux issues. In the past we have had problems with nvidia requiring GUI apps to need execstack and execmem, but we are now allowing these by default.

Dan, that's nice to know. The NVidia installer does the following:
Linux installations using SELinux (Security-Enhanced Linux) require that the security type of all shared libraries be set to 'shlib_t' or 'textrel_shlib_t', depending on the distribution. nvidia-installer will detect when to set the security type, and set it using chcon(1) on the shared libraries it installs. If the execstack(8) system utility is present, nvidia-installer will use it to also clear the executable stack flag of the libraries. Use this option to override nvidia-installer's detection of when to set the security type. Valid values for FORCE-SELINUX are 'yes' (force setting of the security type), 'no' (prevent setting of the security type), and 'default' (let nvidia-installer decide when to set the security type).
That's the documentation from <driver-name> --advanced-options. I also use a script with semanage fcontext to clean up some issues. I should try not running the script next time I upgrade and see if there are performance issues / SELinux warnings (I normally run in permissive mode).
If I do find issues, should I report it on the Fedora buglist (change in SELinux policy), NVidia forum (change in their installer script), or both?
. . . . just my two cents.
/mde/
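
The two checks discussed in this thread (library labels, and execstack/execmem denials, which are still logged as "denied" in permissive mode) can be scripted. The following is an added example, not code from any poster, from Fedora or from NVIDIA; the function names, file paths and log lines are constructed for illustration.

```python
import re

# Types the installer text quoted above names for shared libraries.
EXPECTED_LIB_TYPES = {"shlib_t", "textrel_shlib_t"}
# Permissions named in Daniel J Walsh's reply.
WATCHED_PERMS = {"execstack", "execmem"}
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]*)"')

def mislabeled_libs(ls_z_output):
    """Return (path, type) for files whose SELinux type is not an expected one."""
    bad = []
    for line in ls_z_output.splitlines():
        fields = line.split()
        # The context is the first user:role:type[:level] field; it precedes
        # the path in both the old and the new `ls -Z` layouts.
        ctx = next((f for f in fields if f.count(":") >= 2), None)
        if ctx is None:
            continue
        setype = ctx.split(":")[2]
        if setype not in EXPECTED_LIB_TYPES:
            bad.append((fields[-1], setype))
    return bad

def exec_denials(audit_text):
    """Return sorted unique (comm, permission) pairs for execstack/execmem AVCs."""
    hits = set()
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            hits.update((m.group(2), p) for p in m.group(1).split()
                        if p in WATCHED_PERMS)
    return sorted(hits)

# Constructed sample input (not taken from a real system).
SAMPLE_LS_Z = """\
system_u:object_r:textrel_shlib_t:s0 /usr/lib64/example/libGL.so.1
-rwxr-xr-x. root root system_u:object_r:shlib_t:s0 /usr/lib64/example/libcore.so.1
unconfined_u:object_r:user_tmp_t:s0 /usr/lib64/example/libtls.so.1
"""
SAMPLE_AUDIT = """\
type=AVC msg=audit(1306850000.123:456): avc:  denied  { execmem } for  pid=2345 comm="glxdemo" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1306850001.200:457): avc:  denied  { execstack } for  pid=2345 comm="glxdemo" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1306850002.300:458): avc:  denied  { read } for  pid=2400 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

if __name__ == "__main__":
    for path, setype in mislabeled_libs(SAMPLE_LS_Z):
        print(f"unexpected label {setype}: {path}")
    for comm, perm in exec_denials(SAMPLE_AUDIT):
        print(f"{perm} denial logged for {comm}")
```

On a real system the inputs would come from `ls -Z` on the directory holding the driver's libraries and from `ausearch -m avc`.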