diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-06-25 22:52:05 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-25 22:52:05 +0000 |
commit | af44e33b19becf3cda6919a10268cca731a1e306 (patch) | |
tree | 34ff3198c9c3e9486df174837770a23aac0f1f6a /etc/profile-a-l/gnome-keyring.profile | |
parent | modif: private-dev: keep /dev/kfd unless no3d is used (#6380) (diff) | |
download | firejail-af44e33b19becf3cda6919a10268cca731a1e306.tar.gz firejail-af44e33b19becf3cda6919a10268cca731a1e306.tar.zst firejail-af44e33b19becf3cda6919a10268cca731a1e306.zip |
modif: keep /sys/module/nvidia* if prop driver and no no3d (#6387)
It has been reported in #6372 that after upgrading the nvidia
proprietary driver from version 550.78 to 550.90.07, programs using
hardware acceleration fail unless paths in `/sys/module/nvidia*` are
accessible. Example:
$ firejail --noprofile prime-run /bin/glxdemo
[...]
X Error of failed request: BadValue (integer parameter out of range for operation)
Major opcode of failed request: 150 (GLX)
Minor opcode of failed request: 3 (X_GLXCreateContext)
Value in failed request: 0x0
Serial number of failed request: 22
Current serial number in output stream: 23
[...]
Meanwhile, the AMD proprietary driver (AMDGPU Pro) seems to depend on
`/sys/module/amdgpu` for OpenCL (though it is unclear how to detect that
driver). See commit 95c8e284d ("Allow accessing /sys/module directory",
2018-05-08) and commit 9dd581d25 ("Allow AMD GPU usage by Blender",
2018-05-08) from PR #1932.
So whitelist `/sys/module/nvidia*` by default if the nvidia proprietary
driver is detected and `no3d` is not used.
Note: The driver check is copied from src/firejail/util.c (see #841).
To keep the current behavior (that is, block all modules), add
`blacklist /sys/module` to globals.local.
Fixes #6372.
Reported-by: @GreatBigWhiteWorld
Reported-by: @orzogc
Reported-by: @krop
Reported-by: @michelesr
Suggested-by: @glitsj16
Tested-by: @flyxyz123
Diffstat (limited to 'etc/profile-a-l/gnome-keyring.profile')
0 files changed, 0 insertions, 0 deletions