Updating the nvidia driver for Fedora Core5

Paul Howarth paul at city-fan.org
Mon Apr 17 08:48:44 CDT 2006 

On Mon, 2006-04-17 at 07:42 -0500, Matt Domsch wrote:
> On Mon, Apr 17, 2006 at 01:24:08PM +0100, Paul Howarth wrote:
> > > > [ -x /sbin/restorecon ] && /sbin/restorecon /path/to/installed/module
> > > 
> > > Agreed.  Until DKMS includes this, individual modules can use a
> > > POST_INSTALL script to do the same, yes?
> > 
> > Yes, that should work - as long as the distro sets the right context
> > when this happens. If not, semanage might have to be used to set the
> > correct default context, and that could be a distribution-specific
> > value. That's why it's important to get the right context included in
> > the policy for the distro itself.
> 
> 
> Agreed again.  kernel modules should not have to know anything about
> selinux policy, and really should not have their own policy files to
> install via semanage.  It hasn't been a problem on FC5 yet.
> 
> The files and dirs in /lib/modules/ appear to have context:
>  system_u:object_r:modules_object_t
> 
> However, as I'm running Vmware Player on an FC5 system, I see it's
> creating its modules with the following context:
> 
> ./misc:
> lrwxrwxrwx  root     root     user_u:object_r:modules_object_t vmmon.ko
> -rw-r--r--  root     root     user_u:object_r:modules_object_t vmmon.o
> lrwxrwxrwx  root     root     user_u:object_r:modules_object_t vmnet.ko
> -rw-r--r--  root     root     user_u:object_r:modules_object_t vmnet.o
> 
> and repeated runnings of restorecon keep that value, so I trust it's
> what the policy calls for.
> 
> So I hacked up a kernel module test package to try out DKMS.  Even
> without the restorecon call, it put dell_rbu.ko in the right place
> with the user_u context: 
> 
> -rw-r--r--  root     root     user_u:object_r:modules_object_t dell_rbu.ko
> 
> and again, calling restorecon does nothing.
> 
> So, is the call to restorecon actually needed?  I guess it can't
> hurt...

It should only be needed if some custom type was needed, other than
modules_object_t. I think this is unlikely really.

The most common problem with third-party software on FC5 is having to
change shared library files from lib_t to textrel_shlib_t, usually
because they have been compiled using a legacy compiler that doesn't
separate out the stack into a separate memory region.

Paul.

More information about the DKMS-devel mailing list