Hey there, I've used the ABS to compile a kernel with the CONFIG_AUDIT=y and CONFIG_SECURITY_APPARMOR=y options enabled. Apparmor and audit work just fine, but when I tried to start a game, I failed. The following errors occur only when using the apparmor enabled kernel (independently of kernel boot parameters to enable/disable apparmor). $ lsmod | grep nvidia $ modprobe nvidia modprobe: FATAL: Module nvidia not found. $ glxgears Xlib: extension "GLX" missing on display ":0". Error: couldn't get an RGB, Double-buffered visual $ glxinfo name of display: :0 Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Error: couldn't find RGB GLX visual or fbconfig Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Xlib: extension "GLX" missing on display ":0". Anything that doesn't require fancy graphics works (though libreoffice and some other programs complain anyway). The configuration files are much alike (diff attached) with only apparmor and audit options changed, and a few others presumably by `make config`. I also tried to use `make nconfig` in the PKGBUILD to change them, to the same effect. By following the wiki, I eventually found this out: $ ls /lib/modules/extra* /lib/modules/extramodules-4.2-apparmor: version /lib/modules/extramodules-4.2-ARCH: bbswitch.ko.gz nvidia.ko.gz nvidia-uvm.ko.gz version $ modprobe -c > ARCH.modprobe-c # with default kernel loaded $ modprobe -c > apparmor.modprobe-c # with compiled kernel loaded $ # ^^^-- diff attached to this message The diffs of these files clearly show the apparmor kernel seems to have no nvidia support, while the compile time configuration files show no difference in this matter. Using insmod doesn't work, as those extra modules are compiled for another kernel (error "Invalid module format"). But how are they there? I couldn't find any information on EXTRA modules in the wiki, never heard about them. Seems they are compiled separately: $ pacman -Qo /lib/modules/extramodules-4.2-ARCH/* /usr/lib/modules/extramodules-4.2-ARCH/bbswitch.ko.gz pertence a bbswitch 0.8-37 /usr/lib/modules/extramodules-4.2-ARCH/nvidia.ko.gz pertence a nvidia 355.11-3 /usr/lib/modules/extramodules-4.2-ARCH/nvidia-uvm.ko.gz pertence a nvidia 355.11-3 /usr/lib/modules/extramodules-4.2-ARCH/version pertence a linux 4.2.2-1 I guess at least now I know it's not some weird compilation option I forgot about... Might as well put the compiled kernel in the AUR. I doubt nvidia is giving away source code to compile that... Is this a dead end? Or perhaps the guys with nvidia and OpenSUSE found a way? How can I get that nvidia extra module to work on ? And why is it an "extra"? Wait, now I think of it, maybe I can make this work. Maybe I can get this to work with ABS, by pointing to the correct headers to the nvidia package. I will post this now because possibly someone else knows best, and if I end up solving my own problem, at least the solution becomes available for anyone looking for it. I found the answer to 60% of my original questions regarding this problem, while writing this email, if I don't post this now I may never do. I hope you're okay with this. Note: I sent this a while ago, got an error that it was too large, so now I used diff -c3 on the original attachments. Thanks for your time, João Miguel
*** apparmor.config 2015-10-14 14:49:45.776749952 +0100 --- ARCH.config 2015-10-13 14:22:37.723342200 +0100 *************** *** 1,6 **** # # Automatically generated file; DO NOT EDIT. ! # Linux/x86 4.2.2-2 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y --- 1,6 ---- # # Automatically generated file; DO NOT EDIT. ! # Linux/x86 4.2.2-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y *************** *** 51,57 **** CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set ! CONFIG_LOCALVERSION="-apparmor" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y --- 51,57 ---- CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set ! CONFIG_LOCALVERSION="-ARCH" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y *************** *** 74,82 **** CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_FHANDLE=y # CONFIG_USELIB is not set ! CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y - # CONFIG_AUDITSYSCALL is not set # # IRQ subsystem --- 74,81 ---- CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_FHANDLE=y # CONFIG_USELIB is not set ! # CONFIG_AUDIT is not set CONFIG_HAVE_ARCH_AUDITSYSCALL=y # # IRQ subsystem *************** *** 965,971 **** # # Xtables targets # - # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m --- 964,969 ---- *************** *** 7154,7177 **** # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y ! CONFIG_SECURITY_NETWORK=y ! # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set - # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set ! CONFIG_SECURITY_APPARMOR=y ! CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 ! CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y CONFIG_INTEGRITY=y # CONFIG_INTEGRITY_SIGNATURE is not set - CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_EVM is not set - # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" --- 7152,7169 ---- # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y ! # CONFIG_SECURITY_NETWORK is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set ! # CONFIG_SECURITY_APPARMOR is not set CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y CONFIG_INTEGRITY=y # CONFIG_INTEGRITY_SIGNATURE is not set # CONFIG_IMA is not set # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" *************** *** 7263,7269 **** CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m ! CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m --- 7255,7261 ---- CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m ! CONFIG_CRYPTO_SHA1=m CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m
*** apparmor.modprobe-c 2015-10-14 14:53:11.803424143 +0100 --- ARCH.modprobe-c 2015-10-13 22:32:26.807191260 +0100 *************** *** 360,365 **** --- 360,366 ---- alias char_major_14_* soundcore alias char_major_161_* ircomm_tty alias char_major_166_* cdc_acm + alias char_major_195_* nvidia alias char_major_19_* cyclades alias char_major_204_* altera_uart alias char_major_206_* osst *************** *** 573,579 **** --- 574,582 ---- alias crypto_serpent_generic serpent_generic alias crypto_sha1 sha1_ssse3 alias crypto_sha1 sha1_mb + alias crypto_sha1 sha1_generic alias crypto_sha1_all padlock_sha + alias crypto_sha1_generic sha1_generic alias crypto_sha1_padlock padlock_sha alias crypto_sha224 sha256_ssse3 alias crypto_sha224 sha256_generic *************** *** 4517,4522 **** --- 4520,4527 ---- alias pci:v000010DBd0000801Dsv*sd*bc0Csc03iFE* pch_udc alias pci:v000010DBd00008808sv*sd*bc0Csc03iFE* pch_udc alias pci:v000010DEd*sv*sd*bc03sc*i* nouveau + alias pci:v000010DEd*sv*sd*bc03sc00i00* nvidia + alias pci:v000010DEd*sv*sd*bc03sc02i00* nvidia alias pci:v000010DEd*sv*sd*bc04sc03i00* snd_hda_intel alias pci:v000010DEd00000034sv*sd*bc*sc*i* i2c_nforce2 alias pci:v000010DEd00000035sv*sd*bc*sc*i* pata_amd *************** *** 4701,4706 **** --- 4706,4712 ---- alias pci:v000010DEd00000D8Dsv*sd*bc*sc*i* ahci alias pci:v000010DEd00000D8Esv*sd*bc*sc*i* ahci alias pci:v000010DEd00000D8Fsv*sd*bc*sc*i* ahci + alias pci:v000010DEd00000E00sv*sd*bc04sc80i00* nvidia alias pci:v000010DFd00000720sv*sd*bc*sc*i* be2net alias pci:v000010DFd00000722sv*sd*bc*sc*i* be2iscsi alias pci:v000010DFd00000724sv*sd*bc*sc*i* lpfc *************** *** 10471,10477 **** --- 10477,10485 ---- alias serpent_generic serpent_generic alias sha1 sha1_ssse3 alias sha1 sha1_mb + alias sha1 sha1_generic alias sha1_all padlock_sha + alias sha1_generic sha1_generic alias sha1_padlock padlock_sha alias sha224 sha256_ssse3 alias sha224 sha256_generic *************** *** 20508,20513 **** --- 20516,20523 ---- alias symbol:crypto_authenc_extractkeys authenc alias symbol:crypto_get_default_null_skcipher crypto_null alias symbol:crypto_put_default_null_skcipher crypto_null + alias symbol:crypto_sha1_finup sha1_generic + alias symbol:crypto_sha1_update sha1_generic alias symbol:crypto_sha256_finup sha256_generic alias symbol:crypto_sha256_update sha256_generic alias symbol:crypto_sha512_finup sha512_generic *************** *** 25438,25445 **** --- 25448,25503 ---- alias symbol:notify_wx_assoc_event rtllib alias symbol:notify_wx_assoc_event_rsl r8192u_usb alias symbol:null_ax25_address ax25 + alias symbol:nvUvmInterfaceAddressSpaceCreate nvidia + alias symbol:nvUvmInterfaceAddressSpaceCreateMirrored nvidia + alias symbol:nvUvmInterfaceAddressSpaceDestroy nvidia + alias symbol:nvUvmInterfaceChannelAllocate nvidia + alias symbol:nvUvmInterfaceChannelDestroy nvidia + alias symbol:nvUvmInterfaceChannelTranslateError nvidia + alias symbol:nvUvmInterfaceCheckEccErrorSlowpath nvidia + alias symbol:nvUvmInterfaceCopyEngineAllocate nvidia + alias symbol:nvUvmInterfaceDeRegisterUvmOps nvidia + alias symbol:nvUvmInterfaceDestroyFaultInfo nvidia + alias symbol:nvUvmInterfaceDupAllocation nvidia + alias symbol:nvUvmInterfaceFreeDupedHandle nvidia + alias symbol:nvUvmInterfaceGetAttachedUuids nvidia + alias symbol:nvUvmInterfaceGetChannelPhysInfo nvidia + alias symbol:nvUvmInterfaceGetFbInfo nvidia + alias symbol:nvUvmInterfaceGetGmmuFmt nvidia + alias symbol:nvUvmInterfaceGetGpuIds nvidia + alias symbol:nvUvmInterfaceGetGpuInfo nvidia + alias symbol:nvUvmInterfaceGetPageLevelInfo nvidia + alias symbol:nvUvmInterfaceGetUvmPrivRegion nvidia + alias symbol:nvUvmInterfaceInitFaultInfo nvidia + alias symbol:nvUvmInterfaceKillChannel nvidia + alias symbol:nvUvmInterfaceMemoryAllocFB nvidia + alias symbol:nvUvmInterfaceMemoryAllocGpuPa nvidia + alias symbol:nvUvmInterfaceMemoryAllocGpuVa nvidia + alias symbol:nvUvmInterfaceMemoryAllocSys nvidia + alias symbol:nvUvmInterfaceMemoryCpuMap nvidia + alias symbol:nvUvmInterfaceMemoryCpuUnMap nvidia + alias symbol:nvUvmInterfaceMemoryFree nvidia + alias symbol:nvUvmInterfaceMemoryFreePa nvidia + alias symbol:nvUvmInterfaceMemoryFreeVa nvidia + alias symbol:nvUvmInterfaceQueryCaps nvidia + alias symbol:nvUvmInterfaceRegisterGpu nvidia + alias symbol:nvUvmInterfaceRegisterUvmCallbacks nvidia + alias symbol:nvUvmInterfaceServiceDeviceInterruptsRM nvidia + alias symbol:nvUvmInterfaceSessionCreate nvidia + alias symbol:nvUvmInterfaceSessionDestroy nvidia + alias symbol:nvUvmInterfaceUnregisterGpu nvidia alias symbol:nvdimm_namespace_attach_btt nd_btt alias symbol:nvdimm_namespace_detach_btt nd_btt + alias symbol:nvidia_frontend_add_device nvidia + alias symbol:nvidia_frontend_remove_device nvidia + alias symbol:nvidia_get_rm_ops nvidia + alias symbol:nvidia_p2p_destroy_mapping nvidia + alias symbol:nvidia_p2p_free_page_table nvidia + alias symbol:nvidia_p2p_get_pages nvidia + alias symbol:nvidia_p2p_init_mapping nvidia + alias symbol:nvidia_p2p_put_pages nvidia + alias symbol:nvidia_register_module nvidia + alias symbol:nvidia_unregister_module nvidia alias symbol:nvram_check_checksum nvram alias symbol:nvram_read_byte nvram alias symbol:nvram_write_byte nvram
