I've updated the packages media-video/nvidia-kernel and media-video/nvidia-glx to the most recent version at present - 1.0.6111. Now, trying to launch an opengl application returns an error:

    Error: Could not open /dev/nvidiactl because the permissions are too restrictive. Please see the FREQUENTLY ASKED QUESTIONS section of /usr/share/doc/NVIDIA_GLX-1.0/README for steps to correct.

I've taken a look at the README, here's the referred excerpt:

Q: OpenGL applications exit with the following error message:

    Error: Could not open /dev/nvidiactl because the permissions are too restrictive. Please see the FREQUENTLY ASKED QUESTIONS section of /usr/share/doc/NVIDIA_GLX-1.0/README for steps to correct.

A: It is likely that a security module for the PAM system may be changing the permissions on the NVIDIA device files. In most cases this security system works, but it can get confused. To correct this problem it is recommended that you disable this security feature. Different Linux distributions have different files to control this; please consult with your distributor for the correct method of disabling this security feature. As an example, if your system has the file /etc/security/console.perms then you should edit the file and remove the line that starts with "<dri>" (we have also received reports that additional references to <dri> in console.perms must be removed, but this has not been verified by NVIDIA). If instead your system has the file /etc/logindevperms then you should edit the file and remove the line that lists /dev/nvidiactl. The above steps will prevent the PAM security system from modifying the permissions on the NVIDIA device files. Next, you will need to reset the permissions on the device files back to their original permissions and owner. You can do that with the following commands:

    chmod 0666 /dev/nvidia*
    chown root /dev/nvidia*

Instead of deleting the entry, I modified it to (/etc/security/console.perms):

    <xconsole> 0660 <dri> 0660 root.graphics

As part of the solution I consider creating a new group for the users: 'graphics'; suitable would be also 'media', 'video' or 'nvidia'.

Reproducible: Always

Steps to Reproduce:
1. ACCEPT_KEYWORDS="~arch" emerge -v nvidia-kernel nvidia-glx
2. restart devfs and X
3. execute /usr/bin/glxgears

Actual Results:
The problem has been solved.

Expected Results:
The software is not supposed to put out the given error message and execute the expected operations: load the drivers and draw opengl graphics.

emerge info

Portage 2.0.50-r9 (default-x86-1.4, gcc-3.3.3, glibc-2.3.4.20040619-r1, 2.6.7-gentoo-r11)
=================================================================
System uname: 2.6.7-gentoo-r11 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
Gentoo Base System version 1.5.2
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -fprefetch-loop-arrays -funroll-loops -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -fprefetch-loop-arrays -funroll-loops -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs buildpkg ccache cvs digest sandbox userpriv usersandbox"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /home/portage /home/portage/overlay-freedesktop"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aalib alsa apache2 apm arts avi berkdb cdr crypt cups directfb dmixer dvd encode esd f77 firebird flac flash foomaticdb gdbm ggi gif gnome gnutls gpm gtk gtk2 gtkhtml imlib jack java jpeg kde libg++ libwww linguas_de mad mikmod mmx motif mozilla moznocompose moznoirc moznomail mozxmlterm mpeg mysql ncurses nls nptl nvidia objc oggvorbis opengl oss pam pdflib perl php png python qt quicktime readline samba sdl slang spell sse ssl svga tcpd tiff truetype x86 xchattext xml xml2 xmms xv zlib"
Created attachment 37060
Patch for /etc/security/console.perms

I've yet chosen the group name 'nvidia' because it isn't common for other devices/drivers as far as I know,
Created attachment 37061
Patch for /etc/group

This patch adds the group name nvidia with the ID number 34 (might require a change). Don't forget to add your username to the group.
Created attachment 37062
Patch for /etc/group

Just realized the previously submitted patch for /etc/group wouldn't work due to different members of the group 'games'
andrew@asteroid andrew $ ls -l /dev/nvidia*
crw-rw---- 1 root video 195, 0 Aug 9 23:23 /dev/nvidia0
crw-rw---- 1 root video 195, 255 Aug 9 23:23 /dev/nvidiactl
andrew@asteroid andrew $ groups
lp wheel audio video games users portage

The 'video' group already does this out of the box. How are your devices created? devfs or udev??
I use devfs, but I guess it's due to PAM nulling the group. /dev/nvidia* were all (both) set 0700 root:root (worked fine before, though). And I can't recall a change done to that other than updating the drivers.
Check your DevFS conf file for the default permissions it assigns devices; it should be 660, not 600, which it is from that above comment. In furtherance, you can manually chmod the devices and the changes should be persistent over reboots IIRC (going from memory here though); if they aren't, just add the chmod commands to /etc/conf.d/local.start and they'll be run each restart for you automatically.
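A check for the two outcomes discussed in this thread (the README's 0666 on /dev/nvidia* versus a group-restricted 0660 root:video), as an added example that is not part of the bug report or the NVIDIA README. The function names are made up here, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the bug report or the NVIDIA README.

# classify_access MODE OWNER GROUP USER "USER'S GROUPS"
# Prints which permission class lets USER open a device node read/write:
# owner, group, world (the "other" bits, i.e. every local account) or denied.
# The kernel consults exactly one class: owner first, then group, then other.
# (root bypasses these checks and is not modelled.)
classify_access() {
    mode=$((0$1))            # leading 0 makes the shell read the mode as octal
    if [ "$4" = "$2" ]; then
        bits=$(( (mode >> 6) & 6 )); class=owner
    else
        case " $5 " in
            *" $3 "*) bits=$(( (mode >> 3) & 6 )); class=group ;;
            *)        bits=$(( mode & 6 ));        class=world ;;
        esac
    fi
    if [ "$bits" -eq 6 ]; then echo "$class"; else echo denied; fi
}

# Print the active (non-comment) rules in a console.perms file that mention
# <dri>; these are the lines that make PAM re-own the device nodes at login.
dri_rules() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" | grep '<dri>' || true
}

# Report, for the calling user, how each NVIDIA device node is reachable.
audit_nvidia_devices() {
    for dev in /dev/nvidia*; do
        [ -c "$dev" ] || continue          # no driver loaded: nothing to report
        set -- $(stat -c '%a %U %G' "$dev")
        printf '%s mode=%s %s:%s -> %s\n' "$dev" "$1" "$2" "$3" \
            "$(classify_access "$1" "$2" "$3" "$(id -un)" "$(id -Gn)")"
    done
}

audit_nvidia_devices
dri_rules /etc/security/console.perms
```

A result of `world` means the node is open to every local account, which is what `chmod 0666` produces; `group` is the 0660 arrangement where only members of the owning group can use the device.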
closing.
Don't know in how far it can be considered invalid since it didn't happen on purpose, but no matter.
*** Bug 58715 has been marked as a duplicate of this bug. ***