Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 556530 - Lack of support for x11-drivers/nvidia-drivers
Summary: Lack of support for x11-drivers/nvidia-drivers
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: SE Linux Bugs
Depends on:
Reported: 2015-08-02 19:19 UTC by Niklas Haas
Modified: 2020-11-18 18:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Niklas Haas 2015-08-02 19:19:28 UTC
There doesn't seem to be any SELinux policy for the proprietary nvidia drivers, which breaks some stuff.

For example, /dev/nvidia{0,ctl} ends up incorrectly labeled on boot, causing me to be unable to start

Running ‘restorecon /dev/nvidia*’ manually after booting resets it to xserver_misc_device_t, which allows me to successfully start X, but other stuff still breaks (for example, mplayer_t cannot create an OpenGL context).

Perhaps there's a better label for it? Either way, this probably deserves some attention upstream.

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2015-08-16 17:38:41 UTC
We'll need a dev with an nVidia card to supply us with the necessary policy updates :-(

The incorrect label of /dev/nvidia* is something we need to look into, because *usually* udev relabels the files it creates in /dev. When is /dev/nvidia* created - is it not at the same time as the other "regular" devices?
Comment 2 Niklas Haas 2015-08-16 17:43:32 UTC
I'm not sure how to debug that, but it probably happens when the nvidia module gets loaded. I'm not sure when exactly that is the case.

There are some entries in /etc/modprobe.d/nvidia.conf, for that matter.

(I'm using eudev rather than udev, in case it makes a difference.)
Comment 3 Dan O. 2015-11-14 02:18:44 UTC
I'm also experiencing this. I'm not sure what the options are in the modprobe.d conf file, I couldn't find a way to relabel it from there. My DM starts up just fine, but when I go to log in to KDE it doesn't actually allow the WM to function unless I relabel the NVidia-modeset file. It's the modeset device specifically for me, it gets labled as I think misc_dri_t or something along those lines automatically, it needs to be xserver_misc_device_t.
Comment 4 Amadeusz Sławiński 2015-12-17 19:34:53 UTC
From what I remember, when I used proprietary driver I used selinux_gentoo service which did restorecon on /dev on boot, not sure if it's present on recent systems.