On 2018-02-05 18:12, Andreas Beckmann wrote:
> EPERM The caller was not privileged (did not have the CAP_SYS_MODULE
> capability), or module loading is disabled (see
> /proc/sys/kernel/modules_disabled in proc(5)).
> So perhaps we need to apply some capabilities to nvidia-modprobe, try this:

Let's debug the capabilities of a setuid root program on your machine,
using a few lines shamelessly stolen from capsh.c :-)
You could also add this to your verbosified nvidia-modprobe.

===== test-setuid.c =====
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <sys/capability.h>

int main()
{
    printf("getuid() = %ld\n", (long)getuid());
    printf("geteuid() = %ld\n", (long)geteuid());
    printf("getgid() = %ld\n", (long)getgid());
    printf("getegid() = %ld\n", (long)getegid());

    cap_t all;
    char *text;

    all = cap_get_proc();
    text = cap_to_text(all, NULL);
    printf("Current: %s\n", text);
    cap_free(text);
    cap_free(all);
}
=========================

You may need to install libcap-dev:

$ gcc -o test-setuid test-setuid.c -lcap
$ sudo cp test-setuid /usr/bin/test-setuid
$ sudo chown root:root /usr/bin/test-setuid
$ sudo chmod u+s /usr/bin/test-setuid
$ /usr/bin/test-setuid
$ sudo /usr/bin/test-setuid
$ sudo rm /usr/bin/test-setuid

This is what I get:

$ /usr/bin/test-setuid
getuid() = 1000
geteuid() = 0
getgid() = 1000
getegid() = 1000
Current: = cap_sys_nice+eip cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read+ep

$ sudo /usr/bin/test-setuid
getuid() = 0
geteuid() = 0
getgid() = 0
getegid() = 0
Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read+ep

Andreas