Selinux and Nvidia drivers
Wat is the reaction of selinux to the nvidia driver.
Does selinux try to prevent the nvidia driver from being loaded? Alexander -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines |
Selinux and Nvidia drivers
30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>:
> Wat is the reaction of selinux to the nvidia driver. > Does selinux try to prevent the nvidia driver from being loaded? > > Alexander Nope. I've been using them together and experienced no issues. -- Best regards, Misha Shnurapet, Fedora Project Contributor https://fedoraproject.org/wiki/Shnurapet shnurapet AT fedoraproject.org, GPG: 00217306 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines |
Selinux and Nvidia drivers
On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote:
> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>: > > Wat is the reaction of selinux to the nvidia driver. > > Does selinux try to prevent the nvidia driver from being loaded? > Nope. I've been using them together and experienced no issues. Thanks. Then I guess I should finally start reading up on selinux and not trust my 'intuition' anymore. I thought the nvidia driver being a "fremdkörper" and all ... Alexander -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines |
Selinux and Nvidia drivers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 05/30/2011 06:40 AM, Alexander Volovics wrote: > On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote: > >> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>: >>> Wat is the reaction of selinux to the nvidia driver. >>> Does selinux try to prevent the nvidia driver from being loaded? > >> Nope. I've been using them together and experienced no issues. > > Thanks. Then I guess I should finally start reading up on > selinux and not trust my 'intuition' anymore. > I thought the nvidia driver being a "fremdkörper" and all ... > > Alexander > Sometimes the nvidia driver device can be mislabled, which can cause SELinux issues. In the past we have had problems with nvidia requiring GUI apps to need execstack and execmem, but we are now allowing these by default. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk3k+30ACgkQrlYvE4MpobMyBwCgvv9RbzaAfI MgAXt4RpBCc2vA XP4AoN0UiUbct4YVK5OobL/qq1aF6cra =Jl9b -----END PGP SIGNATURE----- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines |
Selinux and Nvidia drivers
On Tue, 31 May 2011 10:30:21 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 05/30/2011 06:40 AM, Alexander Volovics wrote: >> On Mon, May 30, 2011 at 07:25:45PM +0900, Misha Shnurapet wrote: >> >>> 30.05.2011, 18:47, "Alexander Volovics" <a.volovic@upcmail.nl>: >>>> Wat is the reaction of selinux to the nvidia driver. Does selinux try >>>> to prevent the nvidia driver from being loaded? >> >>> Nope. I've been using them together and experienced no issues. >> >> Thanks. Then I guess I should finally start reading up on selinux and >> not trust my 'intuition' anymore. I thought the nvidia driver being a >> "fremdkörper" and all ... >> >> Alexander >> > Sometimes the nvidia driver device can be mislabled, which can cause > SELinux issues. In the past we have had problems with nvidia requiring > GUI apps to need execstack and execmem, but we are now allowing these by > default. Dan, that's nice to know. The NVidia installer does the following: Linux installations using SELinux (Security-Enhanced Linux) require that the security type of all shared libraries be set to 'shlib_t' or 'textrel_shlib_t', depending on the distribution. nvidia-installer will detect when to set the security type, and set it using chcon(1) on the shared libraries it installs. If the execstack(8) system utility is present, nvidia-installer will use it to also clear the executable stack flag of the libraries. Use this option to override nvidia-installer's detection of when to set the security type. Valid values for FORCE-SELINUX are 'yes' (force setting of the security type), 'no' (prevent setting of the security type), and 'default' (let nvidia-installer decide when to set the security type). That's the documentation from <driver-name> --advanced-options. I also use a script with semanage fcontext to clean up some issues. I should try not running the script next time I upgrade and see if there are performance issues / SELinux warnings (I normally run in permissive mode). If I do find issues, should I report it on the Fedora buglist (change in SELinux policy), NVidia forum (change in their installer script), or both? . . . . just my two cents. /mde/ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines |
| All times are GMT. The time now is 01:36 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.