Updating the nvidia driver for Fedora Core5

Matt Domsch Matt_Domsch at dell.com
Fri Apr 14 11:33:03 CDT 2006 

On Fri, Apr 14, 2006 at 09:44:18AM +0100, Paul Howarth wrote:
> On Thu, 2006-04-13 at 16:50 -0600, Stephen J. Smoogen wrote:
> > I am trying to make an internal update to the Dell dkms Nvidia package
> > and realized that I might need to fuss with  selinux policy items. Are
> > there special directive for doing this.. or is the recommended way to
> > put changes in the %pre/%post items.
> 
> Presumably this was triggered by FC5's memory protection?
> 
> I think what should really happen is that the distribution's upstream
> policy should include the correct context for the module in its final
> destination under /lib/modules/... (Dan Walsh at Red Hat has always been
> amenable to adding things to policy like this) and that all that should
> be necessary for a dkms package would be something like this in dkms's
> "install" section:
> 
> [ -x /sbin/restorecon ] && /sbin/restorecon /path/to/installed/module


How's this look?  This resets the context on the directories and
modules as they're installed into /lib/modules, and on uninstall with an
original module, restores that context too.


-- 
Matt Domsch
Software Architect
Dell Linux Solutions linux.dell.com & www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com

--- dkms-2.0.11	Mon Apr  3 16:09:50 2006
+++ dkms	Fri Apr 14 11:30:07 2006
@@ -1028,7 +1028,11 @@ function install_module()
 	echo $" - Installation"
  	echo $"   - Installing to $install_tree/${kernelver_array[0]}${dest_module_location[$count]}/" 
 	mkdir -p $install_tree/${kernelver_array[0]}${dest_module_location[$count]}
+        # adjust selinux contexts on the directory
+	[ -x /sbin/restorecon ] && /sbin/restorecon $install_tree/${kernelver_array[0]}${dest_module_location[$count]}
 	cp -f "$base_dir/module/${dest_module_name[$count]}$module_suffix" "$install_tree/${kernelver_array[0]}${dest_module_location[$count]}/${dest_module_name[$count]}$module_suffix"
+        # adjust selinux contexts on the module itself
+	[ -x /sbin/restorecon ] && /sbin/restorecon "$install_tree/${kernelver_array[0]}${dest_module_location[$count]}/${dest_module_name[$count]}$module_suffix"
 
 	count=$(($count + 1))
     done
@@ -1312,6 +1316,8 @@ function do_uninstall()
 		echo $"   - Archived original module found in the DKMS tree" 
 		echo $"   - Moving it to: $install_tree/$1${dest_module_location[$count]}/" 
 		mv -f "$dkms_tree/$module/original_module/$1/$2/${dest_module_name[$count]}$module_suffix" "$install_tree/$1${dest_module_location[$count]}/" 2>/dev/null
+                # adjust selinux contexts on the directory and all its files recursively
+		[ -x /sbin/restorecon ] && /sbin/restorecon -R "$install_tree/$1${dest_module_location[$count]}/"
 	    else
 		echo $"   - No original module was found for this module on this kernel." 
 		echo $"   - Use the dkms install command to reinstall any previous module version."

More information about the DKMS-devel mailing list