https://bugs.kde.org/show_bug.cgi?id=384005
Martin Flöser <mgraess...@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Latest Commit| |https://commits.kde.org/ksc | |reenlocker/2136a38d88c8d0d7 | |be67fe0c6c0870e53a6f7bc6 Resolution|UPSTREAM |FIXED --- Comment #15 from Martin Flöser <mgraess...@kde.org> --- Git commit 2136a38d88c8d0d7be67fe0c6c0870e53a6f7bc6 by Martin Flöser. Committed on 30/08/2017 at 16:50. Pushed by graesslin into branch 'Plasma/5.10'. Don't dissallow open with write flag syscall on NVIDIA Summary: The latest NVIDIA driver crashes the greeter due to our seccomp enabled sandbox being too restrictive. The driver is now opening files for writing after our dummy context got created and this causes a crash. In order to provide our users a working system again we better disable the seccomp rule for NVIDIA users for the time being. To detect whether an NVIDIA driver is used I copied the glplatform from KWin which is known to work and more reliable than writing new custom code even if it's a code copy. For master I'll look into splitting that one out from KWin and putting it into a dedicated library so that we can link it. This of course means that the seccomp based sandbox is now incomplete for NVIDIA users. An idea is to add an additional apparmor rule in master to enforce the write restrictions in similar way without forcing it for /dev. Test Plan: I don't have an NVIDIA Reviewers: #plasma Subscribers: plasma-devel Tags: #plasma Differential Revision: https://phabricator.kde.org/D7616 M +1 -0 greeter/CMakeLists.txt M +1 -1 greeter/autotests/CMakeLists.txt M +4 -0 greeter/autotests/seccomp_test.cpp A +1062 -0 greeter/kwinglplatform.cpp [License: GPL (v2)] A +416 -0 greeter/kwinglplatform.h [License: GPL (v2)] M +22 -3 greeter/seccomp_filter.cpp https://commits.kde.org/kscreenlocker/2136a38d88c8d0d7be67fe0c6c0870e53a6f7bc6 -- You are receiving this mail because: You are watching all bug changes.