nvidia* if prop driver and no no3d #5991

New issue

Closed

opened 2026-05-05 10:48:40 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:48:40 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6387
Author: @kmk3
Created: 6/17/2024
Status: ✅ Merged
Merged: 6/25/2024
Merged by: @kmk3

Base: master ← Head: modif-keep-nvidia-module

📝 Commits (1)

21b8ef1 modif: keep /sys/module/nvidia* if prop driver and no no3d

📊 Changes

2 files changed (+14 additions, -2 deletions)

View changed files

📝 etc/profile-m-z/noprofile.profile (+2 -0)
📝 src/firejail/fs.c (+12 -2)

📄 Description

It has been reported in #6372 that after upgrading the nvidia
proprietary driver from version 550.78 to 550.90.07, programs using
hardware acceleration fail unless paths in /sys/module/nvidia* are
accessible. Example:

$ firejail --noprofile prime-run /bin/glxdemo
[...]
X Error of failed request:  BadValue (integer parameter out of range for operation)
  Major opcode of failed request:  150 (GLX)
  Minor opcode of failed request:  3 (X_GLXCreateContext)
  Value in failed request:  0x0
  Serial number of failed request:  22
  Current serial number in output stream:  23
[...]

Meanwhile, the AMD proprietary driver (AMDGPU Pro) seems to depend on
/sys/module/amdgpu for OpenCL (though it is unclear how to detect that
driver). See commit 95c8e284d ("Allow accessing /sys/module directory",
2018-05-08) and commit 9dd581d25 ("Allow AMD GPU usage by Blender",
2018-05-08) from PR #1932.

So whitelist /sys/module/nvidia* by default if the nvidia proprietary
driver is detected and no3d is not used.

Note: The driver check is copied from src/firejail/util.c (see #841).

To keep the current behavior (that is, block all modules), add
blacklist /sys/module to globals.local.

Fixes #6372.

Reported-by: @GreatBigWhiteWorld
Reported-by: @orzogc
Reported-by: @krop
Reported-by: @michelesr
Suggested-by: @glitsj16
Tested-by: @flyxyz123

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6387 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 6/17/2024 **Status:** ✅ Merged **Merged:** 6/25/2024 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `modif-keep-nvidia-module` --- ### 📝 Commits (1) - [`21b8ef1`](https://github.com/netblue30/firejail/commit/21b8ef19348e9155c66f3ca013c408ec248d8416) modif: keep /sys/module/nvidia* if prop driver and no no3d ### 📊 Changes **2 files changed** (+14 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `etc/profile-m-z/noprofile.profile` (+2 -0) 📝 `src/firejail/fs.c` (+12 -2) </details> ### 📄 Description It has been reported in #6372 that after upgrading the nvidia proprietary driver from version 550.78 to 550.90.07, programs using hardware acceleration fail unless paths in `/sys/module/nvidia*` are accessible. Example: $ firejail --noprofile prime-run /bin/glxdemo [...] X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 150 (GLX) Minor opcode of failed request: 3 (X_GLXCreateContext) Value in failed request: 0x0 Serial number of failed request: 22 Current serial number in output stream: 23 [...] Meanwhile, the AMD proprietary driver (AMDGPU Pro) seems to depend on `/sys/module/amdgpu` for OpenCL (though it is unclear how to detect that driver). See commit 95c8e284d ("Allow accessing /sys/module directory", 2018-05-08) and commit 9dd581d25 ("Allow AMD GPU usage by Blender", 2018-05-08) from PR #1932. So whitelist `/sys/module/nvidia*` by default if the nvidia proprietary driver is detected and `no3d` is not used. Note: The driver check is copied from src/firejail/util.c (see #841). To keep the current behavior (that is, block all modules), add `blacklist /sys/module` to globals.local. Fixes #6372. Reported-by: @GreatBigWhiteWorld Reported-by: @orzogc Reported-by: @krop Reported-by: @michelesr Suggested-by: @glitsj16 Tested-by: @flyxyz123 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:48:40 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#5991

No description provided.

Rows
Columns