modif: keep /sys/module/nvidia* if prop driver and no no3d #6387
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Nvidia users, do these changes fix the issue? Kind of relates to #6380. |
Yes, these changes fix the issue for me. |
It has been reported in netblue30#6372 that after upgrading the nvidia proprietary driver from version 550.78 to 550.90.07, programs using hardware acceleration fail unless paths in `/sys/module/nvidia*` are accessible. Example: $ firejail --noprofile prime-run /bin/glxdemo [...] X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 150 (GLX) Minor opcode of failed request: 3 (X_GLXCreateContext) Value in failed request: 0x0 Serial number of failed request: 22 Current serial number in output stream: 23 [...] Meanwhile, the AMD proprietary driver (AMDGPU Pro) seems to depend on `/sys/module/amdgpu` for OpenCL (though it is unclear how to detect that driver). See commit 95c8e28 ("Allow accessing /sys/module directory", 2018-05-08) and commit 9dd581d ("Allow AMD GPU usage by Blender", 2018-05-08) from PR netblue30#1932. So whitelist `/sys/module/nvidia*` by default if the nvidia proprietary driver is detected and `no3d` is not used. Note: The driver check is copied from src/firejail/util.c (see netblue30#841). To keep the current behavior (that is, block all modules), add `blacklist /sys/module` to globals.local. Fixes netblue30#6372. Reported-by: @GreatBigWhiteWorld Reported-by: @orzogc Reported-by: @krop Reported-by: @michelesr Suggested-by: @glitsj16 Tested-by: @flyxyz123
kmk3
force-pushed
the
modif-keep-nvidia-module
branch
from
d4cb440
to
21b8ef1
Compare
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It has been reported in #6372 that after upgrading the nvidia
proprietary driver from version 550.78 to 550.90.07, programs using
hardware acceleration fail unless paths in
/sys/module/nvidia*areaccessible. Example:
Meanwhile, the AMD proprietary driver (AMDGPU Pro) seems to depend on
/sys/module/amdgpufor OpenCL (though it is unclear how to detect thatdriver). See commit 95c8e28 ("Allow accessing /sys/module directory",
2018-05-08) and commit 9dd581d ("Allow AMD GPU usage by Blender",
2018-05-08) from PR #1932.
So whitelist
/sys/module/nvidia*by default if the nvidia proprietarydriver is detected and
no3dis not used.Note: The driver check is copied from src/firejail/util.c (see #841).
To keep the current behavior (that is, block all modules), add
blacklist /sys/moduleto globals.local.Fixes #6372.
Reported-by: @GreatBigWhiteWorld
Reported-by: @orzogc
Reported-by: @krop
Reported-by: @michelesr
Suggested-by: @glitsj16
Tested-by: @flyxyz123