https://bugs.kde.org/show_bug.cgi?id=384005
Martin Flöser <mgraess...@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Latest Commit| |https://commits.kde.org/ksc
| |reenlocker/2136a38d88c8d0d7
| |be67fe0c6c0870e53a6f7bc6
Resolution|UPSTREAM |FIXED
--- Comment #15 from Martin Flöser <mgraess...@kde.org> ---
Git commit 2136a38d88c8d0d7be67fe0c6c0870e53a6f7bc6 by Martin Flöser.
Committed on 30/08/2017 at 16:50.
Pushed by graesslin into branch 'Plasma/5.10'.
Don't dissallow open with write flag syscall on NVIDIA
Summary:
The latest NVIDIA driver crashes the greeter due to our seccomp enabled
sandbox being too restrictive. The driver is now opening files for
writing after our dummy context got created and this causes a crash. In
order to provide our users a working system again we better disable the
seccomp rule for NVIDIA users for the time being.
To detect whether an NVIDIA driver is used I copied the glplatform from
KWin which is known to work and more reliable than writing new custom
code even if it's a code copy. For master I'll look into splitting that
one out from KWin and putting it into a dedicated library so that we can
link it.
This of course means that the seccomp based sandbox is now incomplete
for NVIDIA users. An idea is to add an additional apparmor rule in
master to enforce the write restrictions in similar way without forcing
it for /dev.
Test Plan: I don't have an NVIDIA
Reviewers: #plasma
Subscribers: plasma-devel
Tags: #plasma
Differential Revision: https://phabricator.kde.org/D7616
M +1 -0 greeter/CMakeLists.txt
M +1 -1 greeter/autotests/CMakeLists.txt
M +4 -0 greeter/autotests/seccomp_test.cpp
A +1062 -0 greeter/kwinglplatform.cpp [License: GPL (v2)]
A +416 -0 greeter/kwinglplatform.h [License: GPL (v2)]
M +22 -3 greeter/seccomp_filter.cpp
https://commits.kde.org/kscreenlocker/2136a38d88c8d0d7be67fe0c6c0870e53a6f7bc6
--
You are receiving this mail because:
You are watching all bug changes.
