Re: Need to handle xorg-x11-drv-nvidia with selinux-policy!




KH KH wrote:
2007/5/21, Daniel J Walsh <dwalsh@xxxxxxxxxx>:
KH KH wrote:
> Hello
>
> From here http://www.nvnews.net/vbulletin/showthread.php?t=72490
> There is a need to handle the xorg-x11-drv-nvidia package with SELinux:
> This was previously documented to be done manually in documentation
> that uses the livna package...
> The nvidia installer detects it but the livna package uses a different
> scheme so it has to be handled somewhere else...
>
> This can be done in the xorg-x11-drv-nvidia package or in
> selinux-policy (the second is the preferred choice if possible).
>
> Because it deals with versioned libs I wonder if it can be possible to
> handle it easily with the selinux-policy package?
>
> Thx for any advice (I will submit a bug for selinux-policy if it is
> possible)
>
> Nicolas (kwizart)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
u1 update has these fixes (preview available on
http://people.redhat.com/dwalsh/SELinux/RHEL5)

Well i didn't riched to check (which one may i check ?)
I am not sure what you are asking. You can check the policy in http://people.redhat.com/dwalsh/SELinux/RHEL5

Of course if nvidia would just fix the way they build their libraries,
this would probably not be a problem

Should we request it from nVidia? Is it related to CFLAGS and $RPM_OPT_FLAGS?

Yes.  It has to do with using -fpic or -fPIC in the CFLAGS.
Well I forgot to say that the livna packaging scheme uses a different path
for these libraries (to prevent replacement issues)... And I also
don't know currently if the new lib (libnvidia-wfb.so.%{version} -
provided with version > 97xx) is concerned by the need to change the
SELinux context...

If I take care of the SELinux context inside xorg-x11-drv-nvidia I
will have in the %post section (where nvidialibdir is %{_libdir}/nvidia):

You can check the default context of the path with matchpathcon.
# Add a local file-context rule only if policy does not already label the driver
def_con=`matchpathcon -n %{_libdir}/xorg/modules/drivers/nvidia_drv.so`
if [ "$def_con" != "system_u:object_r:textrel_shlib_t" ]; then
    %{_sbindir}/semanage fcontext -a -t textrel_shlib_t \
        %{_libdir}/xorg/modules/drivers/nvidia_drv.so &>/dev/null
fi
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t \
    %{_libdir}/xorg/modules/extensions/nvidia/libglx.so.%{version} &>/dev/null
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t \
    %{nvidialibdir}/libGLcore.so.%{version} &>/dev/null
%{_sbindir}/semanage fcontext -a -t textrel_shlib_t \
    %{nvidialibdir}/libnvidia-tls.so.1 &>/dev/null
# Relabel the installed files only when SELinux is enabled
if sestatus | egrep -q 'SELinux status.*enabled'
then
    restorecon %{_libdir}/xorg/modules/drivers/nvidia_drv.so \
        %{_libdir}/xorg/modules/extensions/nvidia/libglx.so.%{version} \
        %{nvidialibdir}/libGLcore.so.%{version} \
        %{nvidialibdir}/libnvidia-tls.so.1 &>/dev/null || :
fi || :

Thx for your advice!

Nicolas (kwizart)
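
The -fpic/-fPIC remark in the thread comes down to text relocations: a shared library built without position-independent code declares them in its dynamic section, and only files that do need the textrel_shlib_t label. The following is an added example, not code from the thread or from either package: a Python check for the DT_TEXTREL / DF_TEXTREL markers in a little-endian ELF image, which a packager could use to decide which libraries belong in the semanage list. The helper build_sample_elf64 and its sample image are constructed for illustration.

```python
import struct

# Constants from the ELF specification
PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 2, 0, 22, 30, 0x4

def has_text_relocations(data: bytes) -> bool:
    """Return True if the ELF image's dynamic section declares text relocations."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[5] != 1:
        raise ValueError("only little-endian ELF is handled here")
    if data[4] == 2:    # ELFCLASS64: type, flags, offset, vaddr, paddr, filesz
        phoff, = struct.unpack_from("<Q", data, 32)
        phentsize, phnum = struct.unpack_from("<HH", data, 54)
        ph_fmt, off_idx, size_idx, dyn_fmt = "<IIQQQQ", 2, 5, "<qQ"
    elif data[4] == 1:  # ELFCLASS32: type, offset, vaddr, paddr, filesz
        phoff, = struct.unpack_from("<I", data, 28)
        phentsize, phnum = struct.unpack_from("<HH", data, 42)
        ph_fmt, off_idx, size_idx, dyn_fmt = "<IIIII", 1, 4, "<iI"
    else:
        raise ValueError("unknown ELF class")
    step = struct.calcsize(dyn_fmt)
    for i in range(phnum):
        ph = struct.unpack_from(ph_fmt, data, phoff + i * phentsize)
        if ph[0] != PT_DYNAMIC:
            continue
        start, end = ph[off_idx], ph[off_idx] + ph[size_idx]
        # Walk the (tag, value) pairs until DT_NULL or the end of the segment
        for pos in range(start, min(end, len(data)) - step + 1, step):
            tag, val = struct.unpack_from(dyn_fmt, data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False

def build_sample_elf64(dyn_entries):
    """Constructed sample: ELF64 header, one PT_DYNAMIC program header, dynamic entries."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    print("non-PIC style image:", has_text_relocations(build_sample_elf64([(DT_TEXTREL, 0)])))
    print("PIC style image:    ", has_text_relocations(build_sample_elf64([])))
```

On a real system, pass the bytes of the installed library (for example `open(path, "rb").read()`) to `has_text_relocations`.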
