Re: Need to handle xorg-x11-drv-nvidia with selinux-policy!

"KH KH" <kwizart@xxxxxxxxx> · Tue, 22 May 2007 12:16:25 +0200

2007/5/21, Daniel J Walsh <dwalsh@xxxxxxxxxx>:
KH KH wrote:
> Hello
>
>> From here http://www.nvnews.net/vbulletin/showthread.php?t=72490
> There is a need to handle xorg-x11-drv-nvidia package with Selinux:
> This was previously documented to be done manually on documentation
> that uses livna package...
> The nvidia installer detect it but livna package uses a different
> scheme so it has be be handled somewhere else...
>
> This can be done into the xorg-x11-drv-nvidia package or into
> selinux-policy (the second is the prefered choice if possible).
>
> Because it deal with versioned libs i wonder if i can be possible to
> handle it easily with the selinux-policy package ?
>
> Thx for any advices (i will submit a bug for selinux-policy if it is
> possible)
>
> Nicolas (kwizart)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
u1 update has these fixes  (preview available on
http://people.redhat.com/dwalsh/SELinux/RHEL5

Well i didn't riched to check (which one may i check ?)

Of course if nvidia would just fix the way they build their libraries,
this would probably not be a problem

Should we request it to nVidia ? Is is related to CFLAGS and $RPM_OPT_FLAGS ?

Well i forgot to say that livna packaging scheme uses a different path
for theses libraries (to prevent replacement issue)... And i also
don't know currently if the new lib ( libnvidia-wfb.so.%{version} -
provided with version > 97xx ) is concern by the need to change the
selinux context...

If i take care of the Selinux context inside xorg-x11-drv-nvidia i
will have in %post section: (where nvidialibdir is %{_libdir}/nvidia )

%{_sbindir}/semanage fcontext -a -t textrel_shlib_t
%{_libdir}/xorg/modules/drivers/nvidia_drv.so &>/dev/null
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t
%{_libdir}/xorg/modules/extensions/nvidia/libglx.so.%{version}
&>/dev/null
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t
%{nvidialibdir}/libGLcore.so.%{version} &>/dev/null
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t
%{nvidialibdir}/libnvidia-tls.so.1 &>/dev/null
if sestatus |egrep -q 'SELinux status.*enabled'
then
      restorecon %{_libdir}/xorg/modules/drivers/nvidia_drv.so
%{_libdir}/xorg/modules/extensions/nvidia/libglx.so.%{version}
%{nvidialibdir}/libGLcore.so.%{version}
%{nvidialibdir}/libnvidia-tls.so.1 &>/dev/null || :
fi || :

Thx for you advices!

Nicolas (kwizart)

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list