[GH-ISSUE #841] nvidia driver and noroot setting #573

Closed
opened 2026-05-05 06:11:17 -06:00 by gitea-mirror · 29 comments

Originally created by @reinerh on GitHub (Oct 6, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/841

A Debian user reported that Steam was segfaulting when run with firejail after upgrading the nvidia driver to 367.44-2.
(Also glxgears behaves wrong with the steam profile)

The problematic line in the steam profile is the "noroot" setting, though I don't know why exactly this is causing issues.

The complete bug report is [here](https://bugs.debian.org/839868).

@netblue30 commented on GitHub (Oct 8, 2016):

I have a fix in https://github.com/netblue30/firejail/commit/40ed53c20b7a1a5569795a858c3bfe100083c666

I don't have an Nvidia card, but I think it will fix the issue. I added video and games to the groups allowed in the user namespace. I close the bug for now and reopen it if necessary. Thanks.

@kevinoid commented on GitHub (Mar 11, 2017):

I'm seeing this same issue with Firejail 0.9.44.8-1 on Debian with an nVidia NVS 5400M. It looks like 40ed53c either did not fix the issue or it has reappeared.

I compiled from the current master (22414ad) and captured the `strace` output for `glxgears` with and without `--noroot` and posted it as a gist: https://gist.github.com/kevinoid/cb1c4ed6c8f073d41b1c4e1039e04e99#file-glxgears-strace-diff

Notably, when running with `--noroot` it tries and fails to `chmod` `/dev/nvidia-modeset`, `/dev/nvidia-modeset`, and `/dev/nvidia0` then forks a child which fails to `chmod` the device, then opens it (which succeeds, since the devices are still `root:root` `0666` which `stat` showed before `chmod`). It also does not try to write anything to `~/.nv/GLCache` (although the train may have left the tracks before this point). It doesn't make much sense to me. Any ideas?

Thanks,
Kevin

@chiraag-nataraj commented on GitHub (Aug 19, 2018):

I have an Nvidia card and have used `noroot` with the `nvidia` driver for a while now with no issues. Is anyone still seeing this issue?

@kevinoid commented on GitHub (Aug 19, 2018):

I can confirm that this is still an issue for me on Debian with firejail 0.9.54-1, nvidia 390.77-1, and Linux 4.18.0 (from kernel.org, without Debian patches). `firejail --noprofile glxgears` works fine, but `firejail --noprofile --noroot glxgears` shows a black window without the spinning gears. I updated the gist at https://gist.github.com/kevinoid/cb1c4ed6c8f073d41b1c4e1039e04e99#file-glxgears-strace-diff with the `strace` differences between the two.

@chiraag-nataraj commented on GitHub (Aug 19, 2018):

That's very interesting. I'm on Debian sid/experimental, with firejail 0.9.55 (from git), nvidia 396.51-1, and Linux 4.17.8 (custom-built from linux-source-4.17). Both `firejail --noprofile glxgears` and `firejail --noprofile --noroot glxgears` give me the normal window (spinning gears).

@chiraag-nataraj commented on GitHub (Aug 23, 2018):

@kevinoid I'm curious to see if you run into the issue with a Debian stock kernel. Can you test and report back?


@kevinoid commented on GitHub (Aug 23, 2018):

@chiraag-nataraj Sure. I can confirm that the same behavior occurs when running kernel 4.17.0-1-amd64 from the linux-image-4.17.0-1-amd64 package (version 4.17.8-1) with nVidia modules built using nvidia-kernel-dkms (version 390.77-1).


@chiraag-nataraj commented on GitHub (Aug 23, 2018):

Damn, that's weird. So I have a newer version of `nvidia-driver`, but I've never had this issue, so I suspect that the driver version doesn't really matter too much.

@SkewedZeppelin commented on GitHub (Aug 23, 2018):

Multiple monitors? Different outputs?

it has always been arbitrary when the driver calls its suid binary iirc


@kevinoid commented on GitHub (Aug 23, 2018):

I agree. I don't think it is version-specific. I'm currently using the laptop screen. I can test the VGA output soon.

If you run `firejail --noprofile --noroot strace -f -o glxgears.strace glxgears` do you see any `chmod("/dev/nvidiactl", 0666)` calls in `glxgears.strace`? I'm curious whether it is making those calls and whether the call succeeds.

Also, for reference, my system has nVidia Optimus, so it has both an Intel graphics card and an nVidia card. The problem does not occur when using Mesa on the Intel card.
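Added example (not part of the thread, and not firejail or NVIDIA code): one way to answer the question in the comment above is to tally, per device node, how each `chmod`/`open` call on `/dev/nvidia*` ended in the `strace -f -o` log. The function names and the sample log lines are constructed for illustration; the sample mirrors the pattern described in the thread (`chmod` fails, the following open succeeds).

```shell
#!/bin/sh
# Summarise chmod/open results on /dev/nvidia* nodes from an "strace -f -o FILE" log.
# Output: one line per (syscall, device, outcome) with a count, e.g.
#   chmod /dev/nvidiactl EPERM 1
nvidia_syscall_summary() {
    awk '
    # Only completed calls (they contain " = ") that name a /dev/nvidia* path.
    # Calls split into "<unfinished ...>" / "resumed" halves are skipped.
    /"\/dev\/nvidia[^"]*"/ && / = / {
        # Syscall name: text before the first "(", minus the PID prefix
        # ("1234 " with -o, "[pid 1234] " on a terminal).
        call = $0
        sub(/\(.*/, "", call)
        sub(/^(\[pid +[0-9]+\] +|[0-9]+ +)/, "", call)
        if (call !~ /^(chmod|fchmodat|open|openat)$/) next

        # Device path: the quoted /dev/nvidia* argument, quotes removed.
        match($0, /"\/dev\/nvidia[^"]*"/)
        dev = substr($0, RSTART + 1, RLENGTH - 2)

        # Result: text after the last " = "; failures look like "-1 EPERM (...)".
        res = $0
        sub(/.* = /, "", res)
        if (res ~ /^-1 /) { split(res, f, " "); outcome = f[2] }
        else outcome = "ok"

        count[call " " dev " " outcome]++
    }
    END { for (k in count) print k, count[k] }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample log (not taken from the gist linked in the thread).
sample_strace_log() {
    cat <<'EOF'
4021 stat("/dev/nvidiactl", {st_mode=S_IFCHR|0666, st_rdev=makedev(195, 255), ...}) = 0
4021 chmod("/dev/nvidiactl", 0666) = -1 EPERM (Operation not permitted)
4021 openat(AT_FDCWD, "/dev/nvidiactl", O_RDWR) = 5
4021 chmod("/dev/nvidia0", 0666) = -1 EPERM (Operation not permitted)
4022 chmod("/dev/nvidia0", 0666) = -1 EPERM (Operation not permitted)
4022 openat(AT_FDCWD, "/dev/nvidia0", O_RDWR|O_CLOEXEC) = 6
4021 openat(AT_FDCWD, "/home/user/.nv/GLCache/index", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

# Usage: sh this-script.sh glxgears.strace
if [ "$#" -gt 0 ]; then
    nvidia_syscall_summary "$1"
fi
```

Running it on logs captured with and without `--noroot` and diffing the two summaries shows which device calls change outcome between the two runs.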

@kevinoid commented on GitHub (Aug 23, 2018):

I can confirm the same behavior occurs when using the VGA output with LVDS (the laptop screen) disabled.


@chiraag-nataraj commented on GitHub (Aug 23, 2018):

> I agree. I don't think it is version-specific. I'm currently using the laptop screen. I can test the VGA output soon.

I doubt the output itself would matter, since the same driver would be driving whichever screen(s) you're using.

> If you run `firejail --noprofile --noroot strace -f -o glxgears.strace glxgears` do you see any `chmod("/dev/nvidiactl", 0666)` calls in `glxgears.strace`? I'm curious whether it is making those calls and whether the call succeeds.

I actually _do_ see those calls and they _do_ fail with `EPERM (Operation not permitted)` and `glxgears` works just fine regardless.

> Also, for reference, my system has nVidia Optimus, so it has both an Intel graphics card and an nVidia card. The problem does not occur when using Mesa on the Intel card.

Yup, I have Optimus as well.

@chiraag-nataraj commented on GitHub (May 20, 2019):

Is this still an issue?


@kevinoid commented on GitHub (May 20, 2019):

Thanks for checking in. I can confirm that this is still an issue for me on Debian with firejail built from the current master branch (feae44c4), nvidia 390.116-1, and Linux 5.1.2 (from kernel.org, without Debian patches). `firejail --noprofile glxgears` works fine, but `firejail --noprofile --noroot glxgears` shows a black window without the spinning gears.

@chiraag-nataraj commented on GitHub (May 20, 2019):

Hmm, I see. Is this an issue if you use the Debian-supplied kernel instead of the custom build?


@kevinoid commented on GitHub (May 20, 2019):

Yep. I can confirm that the same symptoms occur with firejail built from feae44c, nvidia 390.116-1, and Linux 4.19.0-5-amd64 (from the linux-image-4.19.0-5-amd64 Debian package version 4.19.37-3).


@chiraag-nataraj commented on GitHub (May 20, 2019):

I'm wondering if it just has to do with something they changed on their end, since I'm on 418.74...


@chiraag-nataraj commented on GitHub (May 20, 2019):

But looking back, that doesn't seem to matter...I'm stumped.


@chiraag-nataraj commented on GitHub (May 20, 2019):

If you do `firejail --noroot --noprofile glxinfo`, what is the output?

@kevinoid commented on GitHub (May 20, 2019):

I added the output of `firejail --noroot --noprofile glxinfo` to the gist with the strace outputs: https://gist.github.com/kevinoid/cb1c4ed6c8f073d41b1c4e1039e04e99#file-glxinfo-noroot-txt

@chiraag-nataraj commented on GitHub (May 20, 2019):

Hold on. Your `glxinfo` output is showing that `glxinfo` has no problem accessing your Nvidia card. Something's really screwy here, since you're reporting that `glxgears` has the problem, but your output shows that `glxinfo` does not.

@kevinoid commented on GitHub (May 20, 2019):

That is correct. On my system `glxinfo` appears to work fine with `--noroot`. `glxgears` does not work with `--noroot`.

@chiraag-nataraj commented on GitHub (May 21, 2019):

That's so odd...I would presume they'd both attempt to access the Nvidia driver the same way...


@czka commented on GitHub (Mar 15, 2020):

For the record: similar thing with `nvidia` driver `390.132-32` on Arch Linux, trying to run Operation Flashpoint (aka Arma: Cold War Assault these days) on Steam `1.0.0.61-4` in Gnome `3.36.0`, `X11` mode.

With `noroot` disabled in `/etc/firejail/steam.profile` the game runs fine. When `noroot` is set (as per Firejail's default) the game's video freezes as long as its full-screen "window" is focused. However, when I press `alt`+`tab` to switch windows, I can see the game's video unfrozen underneath the list of windows. And so forth - once I switch to the game's window, the video gets stuck, and when I press `alt`+`tab` I can see the game actually running fine underneath the list of my active windows.

@netblue30 Maybe add a hint regarding `noroot` in `steam.profile` for people trying to run games on Linux+Steam+Nvidia? It took me a long moment to figure this out.

@rusty-snake commented on GitHub (Mar 15, 2020):

@czka done.


@czka commented on GitHub (Mar 22, 2020):

@rusty-snake Kewl!


@matu3ba commented on GitHub (Sep 8, 2020):

@rusty-snake Could you close due to fixed and no feedback?

@rusty-snake commented on GitHub (Sep 9, 2020):

Maybe we want to keep it open until we have a better fix than adding a note that nvidia-users should add `ignore noroot` to some profiles. I'm not sure.

@netblue30 commented on GitHub (Oct 2, 2020):

Temporary fix in for the next release: I disable nogroups if /dev/nvidiactl is detected in the system. If it is working we go with it in the next release and find a better way to do it later.
