Red Hat Bugzilla – Bug 179656
NVIDIA proprietary X driver policy updates needed
Last modified: 2007-11-30 17:11:22 EST
The NVIDIA proprietary X driver things need updating in the targeted policy:
First, the NVIDIA libGL* libs are in the /usr/lib(64)/nvidia dir on my box
(package from livna.org). Patch attached.
Second, when starting X, I get this in logs:
(II) Loading /usr/lib64/xorg/modules/drivers/nvidia_drv.so
dlopen: /usr/lib64/xorg/modules/drivers/nvidia_drv.so: cannot enable executable
stack as shared object requires: Permission denied
(EE) Failed to load /usr/lib64/xorg/modules/drivers/nvidia_drv.so
"execstack -c /usr/lib64/xorg/modules/drivers/nvidia_drv.so" fixes it. Is there
a way to accomplish that in the selinux policy out of the box?
Created attachment 123997 [details]
Patch for updated location of NVIDIA libGL*
Fixed in selinux-policy-2.2.15-2
Created attachment 124821 [details]
audit.log from unsuccessful X startup
The library permissions seem to be fixed in 2.2.15-4, but the problem with
nvidia_drv.so (see initial comment) persists. audit.log snippet from
unsuccessful X/gdm startup attached.
selinux-policy-2.2.16-1 Adds the execstack priv to xserver, although it would be
good to report this as a bug to nvidia.
Confirmed working and reported at
NVIDIA has bug 207999 open for this issue.
Dan, could you also add ATrpms' paths to selinux-policy? E.g. something like
(BTW who do I need to contact to get appropriate right to reopen bugs?)
This is a sorting problem in FC5. The context is in the file, but it is being
overridden by a path later in the file. I will update the policy to fix the
As far as who to contact, I have no idea.
Created attachment 127143 [details]
ATrpms nvidia file_contexts adjustments
I've attached the full list of modifications to file_contexts required for the
ATrpms nvidia drivers, which includes the glx and GLcore changes.
(In reply to comment #8)
> This is a sorting problem in FC5. The context is in the file, but it is being
> overridden by a path later in the file. I will update the policy to fix the
Dan, could you also take a look at Bug #187476 please -- a lot of livna users
are hitting this currently
(In reply to comment #8)
> I will update the policy to fix the problem.
I think this got forgotten, because Tim's comment #7 was done after the bug was
closed, so I'm reopening it (unless you prefer to clone the bug instead?)
I received a bug report from a strict policy user (this is targeted, but I guess
the fix/bug will be the same), that's how I remembered this one.