VirtualGL and selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Thank you for selinux.   I have been trying to run it on our machines
especially any public facing and servers.  We use audit2allow and
generate mods.

I did not find a 'dumb users forum'.   Could you point me to a place
to find this or suggest how to fix this?   I worked with our local expert
on selinux.   (I can repeat this if that helps).

I was not able to get VirtualGL and selinux to work together.
It is something during boot time it seems.  I have tried generating
rules based on audit/audit.log.

The VirtualGL web http://www.virtualgl.org/Documentation/RHEL6
states they don't know how to make it work either.

I have tried in permissive mode after boot and that did not work either,
which is why I think it is something during boot time.  Like the device
setup. My guess is related to: /dev/dri as it sets up these and then
access to the /dev/nvidia0 and /dev/nvidiactl are restricted to vglusers
group (in my case it can be configured with/without group restriction).

From VirtualGL website they also have:

vglgenkey Issues

Currently, the only known way to make vglgenkey work (vglgenkey is used to grant 3D X Server access to members of the vglusers group) is to disable SELinux. With SELinux enabled, the /usr/bin/xauth file is hidden within the context of the GDM startup scripts, so vglgenkey has no way of generating or importing an xauth key to /etc/opt/VirtualGL/vgl_xauth_key (and, for that matter, access is denied to /etc/opt/VirtualGL as well.)

Perhaps someone with a greater knowledge of SELinux can explain how to disable enforcement only for GDM and not the whole system.


[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux