Summary: | x11-misc/sddm and GLEP-81 vs. x11-drivers/nvidia-drivers | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andreas Sturmlechner <asturm> |
Component: | Current packages | Assignee: | Ionen Wolkens <ionen> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | CC: | josef64, kde, lxqt, soap |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitweb.gentoo.org/repo/gentoo.git/tree/eclass/nvidia-driver.eclass#n47 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=753104 https://github.com/gentoo/gentoo/pull/18935 https://bugzilla.opensuse.org/show_bug.cgi?id=1165987 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 701210 |
Description
Andreas Sturmlechner
2021-02-02 15:18:52 UTC
As the bug mentions, neither kernel nor udev really know about nvidia devices. suid root nvidia-modprobe (need :video to run) is called by nvidia libraries and creates devices + load modules on-demand. That can let a non-suid non-logind startx work. If I get this right, solution would involve force loading the modules at boot, creating devices, then do something similar to that tmpfiles hack which in all I'd rather not if can avoid it as it'd need its own bootscript (trying to load modules from udev rules has proven to cause hangs for some users). It may(?) be possible to hack something into nvidia-modprobe (will be building it from source soon), but that would involve making it world executable so sddm can run it. Another option would be to patch systemd/elogind, but I imagine nobody wants to do that. display-manager-init could also do the dirty work, like run nvidia-modprobe -m and setup static_nodes links. If had setpriv (util-linux[caps]) could just start display managers with setpriv --groups video if group exists (doesn't change group id, but adds supplementary groups). As much as I love setpriv, caps is not a default flag on util-linux. Suggestions welcome. (In reply to Ionen Wolkens from comment #1) > setpriv --groups video if group exists I might add that, so far, this would be my favored solution (regardless of tool used to set groups) as it doesn't need each DMs adding themselves, and still let things work as-nvidia-intended (as bad as that is). Actually, I might have to use udev to modules (hopefully without hanging systems this time) anyway due to some other issue. I'll see if the symlink thing works later. It's actually rather inconvenient after all, it's the modules loading part that's the issue and I know some users don't want them loaded at boot. tmpfiles workaround also couldn't easily account for every devices, it's more of a half-solution. Unless want to setup something in bootscripts, staying in video group post-glep81 would be simplest, some others (like acct-user/greetd) already do this it looks like. Any update here? (In reply to Conrad Kostecki from comment #5) > Any update here? This bug was about finding an alternative to being in video group for DMs, but I still don't see a good/complete solution to this that won't introduce more problems. I can only suggest with going ahead with what gdm and greetd already did, i.e. migrate to acct-user/sddm with video group. |