Old 09-13-07, 07:42 PM   #1
felix-bellaby
Registered User
 
Join Date: Apr 2006
Posts: 16
Fedora 8 selinux denies execstack libs

The targeted selinux policy in Fedora Rawhide, and intended for inclusion in Fedora 8, does not grant execstack permission to the X server.

This currently prevents the nvidia drivers from loading on Fedora 8, because the execstack flag is set on their libraries and modules.

The best solution to this problem from a security standpoint would be to eliminate any dependencies on execstack from the nvidia drivers. I am not sure that there really are any dependencies to eliminate. I have tried running the 100.14.11 drivers with the execstack bit cleared and they seem to work flawlessly on the GeForce 8800. Could you simply ship the drivers without execstack and resolve the problem?

Alternatively, Fedora could add a rule to the selinux policy to allow execstack on the X server process (or on the nvidia libraries). However, this might be a less secure solution and would be better avoided unless it is really necessary.
Old 09-13-07, 09:23 PM   #2
AaronP
NVIDIA Corporation
 
Join Date: Mar 2005
Posts: 2,487
Re: Fedora 8 selinux denies execstack libs

Hi Felix,
Thank you for reporting this. This enhancement request is being tracked by bug number 224775.
Old 10-10-07, 02:36 AM   #3
kirsche
Registered User
 
Join Date: Oct 2007
Posts: 4
Re: Fedora 8 selinux denies execstack libs

Quote:
Originally Posted by felix-bellaby
The targeted selinux policy in Fedora Rawhide, and intended for inclusion in Fedora 8, does not grant execstack permission to the X server.

This currently prevents the nvidia drivers from loading on Fedora 8, because the execstack flag is set on their libraries and modules.

The best solution to this problem from a security standpoint would be to eliminate any dependencies on execstack from the nvidia drivers. I am not sure that there really are any dependencies to eliminate. I have tried running the 100.14.11 drivers with the execstack bit cleared and they seem to work flawlessly on the GeForce 8800. Could you simply ship the drivers without execstack and resolve the problem?

Alternatively, Fedora could add a rule to the selinux policy to allow execstack on the X server process (or on the nvidia libraries). However, this might be a less secure solution and would be better avoided unless it is really necessary.

Could you, please, explain how to clear this bit and on which files?
Old 10-15-07, 10:13 PM   #4
gilboa
Linux addict...
 
Join Date: Jan 2004
Posts: 540
Re: Fedora 8 selinux denies execstack libs

I'd consider top-posting a Fedora-8 howto before the actual release to prevent the usual 10,000 "FedoraX/SELinux/etc doesn't seem to work" threads.

- Gilboa
__________________
DEV-NG: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB, GTX680, F19/x86_64, Dell U2711.
DEV: Intel S5520SC, 2xX5680, 36GB, 5x320GB, GTX550, F19/x86_64, Dell U2711 (^).
SRV: Tyan Tempest i5400XT, 2xE5335, 8GB, 4x2TB, 9800GTX, F19/x86-64, Dell U2412.
LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F19/x86_64.
Old 10-16-07, 02:27 AM   #5
mooninite
Registered User
 
Join Date: May 2006
Posts: 477
Re: Fedora 8 selinux denies execstack libs

Quote:
Originally Posted by gilboa
I'd consider top-posting a Fedora-8 howto before the actual release to prevent the usual 10,000 "FedoraX/SELinux/etc doesn't seem to work" threads.

- Gilboa

I second.

Fedora 8 will be out in a few weeks (Nov. 8). In a few weeks you'll have "Fedora 8, nVidia driver no worky" threads all over the board.