Linux Archive


Alexander Volovics 05-30-2011 09:47 AM

Selinux and Nvidia drivers
 
What is the reaction of selinux to the nvidia driver?
Does selinux try to prevent the nvidia driver from being loaded?

Alexander

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Misha Shnurapet 05-30-2011 10:25 AM

Selinux and Nvidia drivers
 
30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>:
> What is the reaction of selinux to the nvidia driver?
> Does selinux try to prevent the nvidia driver from being loaded?
>
> Alexander

Nope. I've been using them together and experienced no issues.

--
Best regards,
Misha Shnurapet, Fedora Project Contributor
https://fedoraproject.org/wiki/Shnurapet
shnurapet AT fedoraproject.org, GPG: 00217306

Alexander Volovics 05-30-2011 10:40 AM

Selinux and Nvidia drivers
 
On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:

> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>:
> > What is the reaction of selinux to the nvidia driver?
> > Does selinux try to prevent the nvidia driver from being loaded?

> Nope. I've been using them together and experienced no issues.

Thanks. Then I guess I should finally start reading up on
selinux and not trust my 'intuition' anymore.
I thought the nvidia driver being a "fremdkörper" and all ...

Alexander


Daniel J Walsh 05-31-2011 02:30 PM

Selinux and Nvidia drivers
 
On 05/30/2011 06:40 AM, Alexander Volovics wrote:
> On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
>
>> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>:
>>> What is the reaction of selinux to the nvidia driver?
>>> Does selinux try to prevent the nvidia driver from being loaded?
>
>> Nope. I've been using them together and experienced no issues.
>
> Thanks. Then I guess I should finally start reading up on
> selinux and not trust my 'intuition' anymore.
> I thought the nvidia driver being a "fremdkörper" and all ...
>
> Alexander
>
Sometimes the nvidia driver device can be mislabeled, which can cause
SELinux issues. In the past we have had problems with nvidia requiring
GUI apps to need execstack and execmem, but we are now allowing these by
default.

Mark Eggers 05-31-2011 07:11 PM

Selinux and Nvidia drivers
 
On Tue, 31 May 2011 10:30:21 -0400, Daniel J Walsh wrote:

> On 05/30/2011 06:40 AM, Alexander Volovics wrote:
>> On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
>>
>>> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>:
>>>> What is the reaction of selinux to the nvidia driver? Does selinux try
>>>> to prevent the nvidia driver from being loaded?
>>
>>> Nope. I've been using them together and experienced no issues.
>>
>> Thanks. Then I guess I should finally start reading up on selinux and
>> not trust my 'intuition' anymore. I thought the nvidia driver being a
>> "fremdkörper" and all ...
>>
>> Alexander
>>
> Sometimes the nvidia driver device can be mislabeled, which can cause
> SELinux issues. In the past we have had problems with nvidia requiring
> GUI apps to need execstack and execmem, but we are now allowing these by
> default.


Dan, that's nice to know. The NVidia installer does the following:

Linux installations using SELinux (Security-Enhanced Linux)
require that the security type of all shared libraries be
set to 'shlib_t' or 'textrel_shlib_t', depending on the
distribution. nvidia-installer will detect when to set the
security type, and set it using chcon(1) on the shared
libraries it installs. If the execstack(8) system utility
is present, nvidia-installer will use it to also clear the
executable stack flag of the libraries. Use this option to
override nvidia-installer's detection of when to set the
security type. Valid values for FORCE-SELINUX are 'yes'
(force setting of the security type), 'no' (prevent setting
of the security type), and 'default' (let nvidia-installer
decide when to set the security type).

That's the documentation from <driver-name> --advanced-options. I also
use a script with semanage fcontext to clean up some issues. I should try
not running the script next time I upgrade and see if there are
performance issues / SELinux warnings (I normally run in permissive mode).

If I do find issues, should I report it on the Fedora buglist (change in
SELinux policy), NVidia forum (change in their installer script), or both?

. . . . just my two cents.

/mde/
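
An added example (not part of the thread and not nvidia-installer's own code): a Python check of the two properties the quoted installer text describes, the SELinux type on a shared library and its executable-stack flag. The function names are hypothetical, and the sample context strings and ELF bytes are constructed.

```python
import struct

# Types the quoted nvidia-installer help text names for shared libraries.
EXPECTED_TYPES = {"shlib_t", "textrel_shlib_t"}
PT_GNU_STACK, PF_X = 0x6474E551, 0x1

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context string."""
    parts = context.rstrip("\x00").split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]

def exec_stack(elf):
    """True/False from the PT_GNU_STACK flags, None if the marking is absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64, end = elf[4] == 2, "<" if elf[5] == 1 else ">"
    # e_phoff, e_phentsize, e_phnum sit at different offsets in ELF32/ELF64.
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 0x20 if is64 else 0x1C)
    entsize, num = struct.unpack_from(end + "HH", elf, 0x36 if is64 else 0x2A)
    for i in range(num):
        off = phoff + i * entsize
        p_type, = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags is at offset 4 in Elf64_Phdr and 24 in Elf32_Phdr.
            flags, = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return bool(flags & PF_X)
    return None

def audit(context, elf):
    """List findings for one library given its context string and file bytes."""
    findings = []
    if selinux_type(context) not in EXPECTED_TYPES:
        findings.append("unexpected type " + selinux_type(context))
    stack = exec_stack(elf)
    if stack:
        findings.append("executable stack flag set")
    elif stack is None:
        findings.append("no PT_GNU_STACK marking")
    return findings

def sample_elf(p_flags):
    """Constructed sample: ELF64 little-endian header plus one PT_GNU_STACK entry."""
    hdr = bytearray(64)
    hdr[:6] = b"\x7fELF\x02\x01"
    struct.pack_into("<Q", hdr, 0x20, 64)        # e_phoff: right after the header
    struct.pack_into("<HH", hdr, 0x36, 56, 1)    # e_phentsize, e_phnum
    return bytes(hdr) + struct.pack("<II", PT_GNU_STACK, p_flags) + bytes(48)

if __name__ == "__main__":
    print(audit("system_u:object_r:textrel_shlib_t:s0", sample_elf(0x6)))  # RW stack
    print(audit("unconfined_u:object_r:user_home_t:s0", sample_elf(0x7)))  # RWX stack
```

On a live system the context string can be read with `os.getxattr(path, "security.selinux").decode()` and the bytes by opening the library file in binary mode.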


