Don't disallow open with write flag syscall on NVIDIA

Authored by graesslin on Aug 30 2017, 4:37 PM.

Description

Don't disallow open with write flag syscall on NVIDIA

Summary:
The latest NVIDIA driver crashes the greeter due to our seccomp-enabled
sandbox being too restrictive. The driver is now opening files for
writing after our dummy context got created and this causes a crash. In
order to provide our users a working system again we better disable the
seccomp rule for NVIDIA users for the time being.

To detect whether an NVIDIA driver is used I copied the glplatform from
KWin, which is known to work and is more reliable than writing new custom
code even if it's a code copy. For master I'll look into splitting that
one out from KWin and putting it into a dedicated library so that we can
link it.

This of course means that the seccomp based sandbox is now incomplete
for NVIDIA users. An idea is to add an additional AppArmor rule in
master to enforce the write restrictions in a similar way without forcing
it for /dev.

BUG: 384005

Test Plan: I don't have an NVIDIA

Reviewers: Plasma

Subscribers: plasma-devel

Tags: Plasma

Differential Revision: https://phabricator.kde.org/D7616

Details

Committed
graesslin, Aug 30 2017, 4:50 PM
Differential Revision
D7616: Don't disallow open with write flag syscall on NVIDIA
Parents
R133:215d46002f20: Update version number for 5.10.5 GIT_SILENT
Branches
Unknown
Tags
Unknown
References
tag: v5.10.5.1, Plasma/5.10