Nvidia and SElinux
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 27 21:27:02 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
drago01 wrote:
> On Mon, Oct 27, 2008 at 8:21 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chuck Forsberg WA7KGX N2469R wrote:
>>> The Nvidia X driver is a "killer application". Can't get the
>>> card fan to quiet down without it. Cen't get compiz running
>>> without it. Some apps such as Flightgear aren't usable without it.
>>>
>>> Integrated motherboard graphics I've seen are too slow.
>>> Not an answer except for servers people hardly look at.
>>>
>>> Assuming SElinux provides an important level of real world
>>> protection, it needs to work in the desktop world. If SElinux
>>> is that important it shouldn't be such a hassle that only server
>>> admins will put up with it.
>>>
>> If you want to run SELinux and NVidia libraries and propretary blobs you
>> will need to turn off execstack protection.
>>
>> # setsebool -P allow_execstack 1
>
> is it possible to enable it only for specific libs? if yes maybe
> nvidia can fix up their installer / rpmfusion can fix their packages.
>
We cam do this for execmod checking not for execstack and execmem.
Those have got to be on the binaries and since every X App seems to
generate it, turning off the checking is the best course of action.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkGMiYACgkQrlYvE4MpobM2JwCaAnlkLbYLfxXoev9qPvJviwNE
1SsAn24EF5brDoj5OCBB0yecS6RerW0S
=1OCy
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list