nixos/nvidia: Set SidebandSocketPath to a user-writable path in /run

The NVIDIA X driver uses a UNIX domain socket to pass information to
other driver components. If unable to connect to this socket, some
driver features, such as G-Sync, may not work correctly. The socket will
be bound to a file with a name unique to the X server instance created
in the directory specified by this option. Note that on Linux, an
additional abstract socket (not associated with a file) will also be
created, with this pathname socket serving as a fallback if connecting
to the abstract socket fails.

The default, which was in effect prior to this change, was `/var/run`.

The effect of not setting this option was that GDM X sessions
(and other non-root sessions) would see this warning in the log files:

```
   (WW) NVIDIA: Failed to bind sideband socket to
   (WW) NVIDIA:     '/var/run/nvidia-xdriver-b4f69129' Permission denied
```

I don't see any security implications of turning this on universally,
since there already was an abstract socket created according to the
docs.

Documentation:

1. [NVIDIA X Config Options](https://download.nvidia.com/XFree86/Linux-x86_64/440.82/README/xconfigoptions.html#SidebandSocketPath)

Diagnosis:

1. [Arch Linux BBS post](https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115)
Philip Taron 2023-11-27 09:07:32 -08:00
parent b022be4d67
commit 29a46d2802
No known key found for this signature in database


@ -396,6 +396,9 @@ in {
modules = [nvidia_x11.bin];
display = !offloadCfg.enable;
deviceSection =
''
Option "SidebandSocketPath" "/run/nvidia-xdriver/"
'' +
lib.optionalString primeEnabled
''
BusID "${pCfg.nvidiaBusId}"
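Review bot: The directory in `Option "SidebandSocketPath" "/run/nvidia-xdriver/"` is a string literal that must stay in step with the `systemd.tmpfiles.rules` entry that creates `/run/nvidia-xdriver`; if one is changed without the other, the bind fails again and the warning returns. Consider binding the path once in a `let` and using it in both places. The option is also prepended to `deviceSection` unconditionally, so a one-line comment here saying why it is set would help the next reader.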
@ -533,8 +536,14 @@ in {
hardware.firmware = lib.optional cfg.open nvidia_x11.firmware;
systemd.tmpfiles.rules =
lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
systemd.tmpfiles.rules = [
# Remove the following log message:
# (WW) NVIDIA: Failed to bind sideband socket to
# (WW) NVIDIA: '/var/run/nvidia-xdriver-b4f69129' Permission denied
#
# https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115
"d /run/nvidia-xdriver 0770 root users"
] ++ lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
boot = {
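Review bot: In the added rule `"d /run/nvidia-xdriver 0770 root users"`, mode 0770 with group `users` and no sticky bit lets any member of that group unlink or rename a socket file bound by another user's X server, while an X server running as an account outside `users` still cannot bind there. Consider adding the sticky bit (1770) so entries can only be removed by their owner, and extend the comment to say which accounts are expected to write to this directory, since it currently only describes the log message being silenced.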