| Summary: | x11-drivers/nvidia-drivers: wrong SELinux context for /dev/nvidiactl and /dev/nvidia0 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | mrl5 <jakuboo+gentoo> |
| Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | ionen, selinux, soap |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/13350 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | ls -lZ of /dev files | | |

Description
mrl5
2019-10-16 20:04:41 UTC
Created attachment 592958
ls -lZ of /dev files

Give this a shot and lemme know:

    # cat /etc/tmpfiles.d/nvidia.conf
    #Type Path Mode UID GID Age Argument
    z /dev/nvidia* 0660 root video - -

(In reply to Jason Zaman from comment #2)
> Give this a shot and lemme know:
>
> # cat /etc/tmpfiles.d/nvidia.conf
> #Type Path Mode UID GID Age Argument
> z /dev/nvidia* 0660 root video - -

I don't have this file (I'm on funtoo)

    # find / -name *nvidia.conf
    /etc/modprobe.d/nvidia.conf

(In reply to Jason Zaman from comment #2)
> Give this a shot and lemme know:
>
> # cat /etc/tmpfiles.d/nvidia.conf
> #Type Path Mode UID GID Age Argument
> z /dev/nvidia* 0660 root video - -

... but creating this file did not help.

just in case this is the context of dir and file

    # ls -lZ /etc/ | grep tmpfiles
    drwxr-xr-x. 2 root root system_u:object_r:tmpfiles_conf_t 4096 Oct 19 22:36 tmpfiles.d
    # ls -lZ /etc/tmpfiles.d/
    total 4
    -rw-r--r--. 1 root root system_u:object_r:tmpfiles_conf_t 77 Oct 19 22:36 nvidia.conf

proposed bugfix: https://github.com/gentoo/gentoo/pull/13350

the fix would not be possible without great help of @Zero_Chaos who pointed to https://gitweb.gentoo.org/repo/gentoo.git/plain/x11-drivers/nvidia-drivers/files/nvidia-udev.sh-r1

Not familiar with SELinux (or these issues), so I'll need a proposed solution. However, nvidia-udev.sh is gone so the previous can't be used.

Currently devices are created whenever they are needed by nvidia-modprobe (suid root) called by nvidia's libraries (udev doesn't do anything). With recent changes it's now possible to modify nvidia-modprobe[1] (built from source unlike before), would that be useful?

[1] https://github.com/NVIDIA/nvidia-modprobe
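
An added example, not part of the thread and not Gentoo or NVIDIA code: a Python check that audits `ls -lZ` output for `/dev/nvidia*` nodes against the tmpfiles.d `z` rule quoted in comment #2. The listing is constructed (it is not the bug's attachment), and the expected type `xserver_misc_device_t` is an assumption to confirm against the loaded policy, for example with `matchpathcon`.

```python
import fnmatch

# The rule quoted in the thread: 'z' sets mode/owner and restores the SELinux label.
RULE = "z /dev/nvidia* 0660 root video - -"
# Assumption: the type the policy assigns to /dev/nvidia* (verify with matchpathcon).
EXPECTED_TYPE = "xserver_misc_device_t"

# Constructed sample in the `ls -lZ` layout shown in the thread (not the real attachment).
SAMPLE = """\
crw-rw----. 1 root video system_u:object_r:xserver_misc_device_t 195,   0 Oct 19 22:30 /dev/nvidia0
crw-rw-rw-. 1 root root  system_u:object_r:device_t              195, 255 Oct 19 22:30 /dev/nvidiactl
crw-rw-rw-. 1 root root  system_u:object_r:null_device_t           1,   3 Oct 19 22:30 /dev/null
"""

def mode_bits(perms):
    """Convert 'crw-rw----.' to its permission bits (0o660); rwx bits only."""
    bits = 0
    for ch in perms[1:10]:
        bits = (bits << 1) | (ch != "-")
    return bits

def audit(listing, rule=RULE, expected_type=EXPECTED_TYPE):
    """Return {path: [problems]} for nodes matched by the rule that deviate from it."""
    _, pattern, mode, user, group = rule.split()[:5]
    findings = {}
    for line in listing.splitlines():
        tok = line.split()
        if len(tok) < 6 or not fnmatch.fnmatch(tok[-1], pattern):
            continue
        perms, owner, grp, context = tok[0], tok[2], tok[3], tok[4]
        setype = context.split(":")[2]  # user:role:type[:level]
        problems = []
        if mode_bits(perms) != int(mode, 8):
            problems.append(f"mode {mode_bits(perms):04o} != {mode}")
        if (owner, grp) != (user, group):
            problems.append(f"owner {owner}:{grp} != {user}:{group}")
        if setype != expected_type:
            problems.append(f"type {setype} != {expected_type}")
        if problems:
            findings[tok[-1]] = problems
    return findings

if __name__ == "__main__":
    for path, problems in audit(SAMPLE).items():
        print(path, "->", "; ".join(problems))
```

Running the check again after the first GPU client has started covers nodes that nvidia-modprobe creates on demand, as described in the last comment.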