diff --git a/azurelinux/nvidia-driver b/azurelinux/nvidia-driver index 19d2b31ab..686eed048 100755 --- a/azurelinux/nvidia-driver +++ b/azurelinux/nvidia-driver @@ -237,7 +237,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/fedora/nvidia-driver b/fedora/nvidia-driver index a8468ad8e..7d67c876d 100755 --- a/fedora/nvidia-driver +++ b/fedora/nvidia-driver @@ -338,12 +338,6 @@ _get_module_params() { # Load the kernel modules and start persistenced. _load_driver() { - # Apply SELinux labels before loading modules - # if [ -e /sys/fs/selinux ]; then - # echo "Change module files security context to modules_file_t" - # chcon -R -t modules_object_t /lib/modules/$KERNEL_VERSION/kernel/drivers/video - # fi - echo "Parsing kernel module parameters..." _get_module_params @@ -501,7 +495,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel10/nvidia-driver b/rhel10/nvidia-driver index ec112d277..732836a00 100755 --- a/rhel10/nvidia-driver +++ b/rhel10/nvidia-driver @@ -576,7 +576,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev 
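Review bot: The new condition in `_mount_rootfs` treats a missing `selinuxenabled` binary the same as SELinux being disabled, so on an enforcing host whose driver image lacks the tool, the `chcon -R -t container_file_t` relabel is skipped. As far as the hunk shows, nothing is logged to distinguish the two cases. The old `[ -e /sys/fs/selinux ]` test did not depend on what is installed in the image. Consider logging the missing-tool case before the `if`, e.g. `command -v selinuxenabled >/dev/null 2>&1 || echo "selinuxenabled not found; SELinux relabel will be skipped" >&2`, or confirming that the package providing it is present in every image. The same applies to the `_mount_rootfs` hunks for fedora, rhel7, rhel8, rhel9, rhel10, their precompiled variants and vgpu-manager; the function body continues outside the hunk.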
diff --git a/rhel10/ocp_dtk_entrypoint b/rhel10/ocp_dtk_entrypoint
index 50d3f65ed..465a3ce1c 100755
--- a/rhel10/ocp_dtk_entrypoint
+++ b/rhel10/ocp_dtk_entrypoint
@@ -72,9 +72,11 @@ nv-ctr-run-with-dtk() {
 cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 # Tell SELinux to allow loading these files
- find . -type f \
- \( -name "*.txt" -or -name "*.go" \) \
- -exec chcon -t modules_object_t "{}" \;
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+ find . -type f \
+ \( -name "*.txt" -or -name "*.go" \) \
+ -exec chcon -t modules_object_t "{}" \;
+ fi
 echo "#"
 echo "# Executing nvidia-driver load script ..."
diff --git a/rhel10/precompiled/nvidia-driver b/rhel10/precompiled/nvidia-driver
index 8b9c29a9f..1b3ce49cc 100755
--- a/rhel10/precompiled/nvidia-driver
+++ b/rhel10/precompiled/nvidia-driver
@@ -324,7 +324,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/rhel7/nvidia-driver b/rhel7/nvidia-driver
index 528c1632d..9ebf29808 100755
--- a/rhel7/nvidia-driver
+++ b/rhel7/nvidia-driver
@@ -248,7 +248,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/rhel8/nvidia-driver b/rhel8/nvidia-driver
index 198c1fdb4..1c3fd4026 100755
--- a/rhel8/nvidia-driver
+++ b/rhel8/nvidia-driver
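Review bot: The `find` now wrapped in the SELinux check in `nv-ctr-run-with-dtk` still selects `*.txt` and `*.go`, while the comment above it says the relabel is what allows these files to be loaded. If kernel objects (`*.ko`) were intended, this pattern does not match them, so it is worth confirming which files need `modules_object_t`. Two smaller points on the same lines: `-exec chcon -t modules_object_t "{}" \;` starts one chcon per file where `-exec chcon -t modules_object_t {} +` batches them, and `find .` depends on a working directory that is set outside this hunk. The rhel8 and rhel9 `ocp_dtk_entrypoint` hunks carry the same lines.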
@@ -559,7 +559,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/rhel8/ocp_dtk_entrypoint b/rhel8/ocp_dtk_entrypoint
index 9de26e7d0..87b5e6aa6 100755
--- a/rhel8/ocp_dtk_entrypoint
+++ b/rhel8/ocp_dtk_entrypoint
@@ -68,9 +68,11 @@ nv-ctr-run-with-dtk() {
 cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 # Tell SELinux to allow loading these files
- find . -type f \
- \( -name "*.txt" -or -name "*.go" \) \
- -exec chcon -t modules_object_t "{}" \;
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+ find . -type f \
+ \( -name "*.txt" -or -name "*.go" \) \
+ -exec chcon -t modules_object_t "{}" \;
+ fi
 echo "#"
 echo "# Executing nvidia-driver load script ..."
diff --git a/rhel8/precompiled/nvidia-driver b/rhel8/precompiled/nvidia-driver
index de85549bc..6dced0d08 100755
--- a/rhel8/precompiled/nvidia-driver
+++ b/rhel8/precompiled/nvidia-driver
@@ -301,7 +301,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/rhel9/nvidia-driver b/rhel9/nvidia-driver
index 2ac431b33..3720949f5 100755
--- a/rhel9/nvidia-driver
+++ b/rhel9/nvidia-driver
@@ -576,7 +576,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/rhel9/ocp_dtk_entrypoint b/rhel9/ocp_dtk_entrypoint
index ff876384f..a64a42569 100755
--- a/rhel9/ocp_dtk_entrypoint
+++ b/rhel9/ocp_dtk_entrypoint
@@ -72,9 +72,11 @@ nv-ctr-run-with-dtk() {
 cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 # Tell SELinux to allow loading these files
- find . -type f \
- \( -name "*.txt" -or -name "*.go" \) \
- -exec chcon -t modules_object_t "{}" \;
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+ find . -type f \
+ \( -name "*.txt" -or -name "*.go" \) \
+ -exec chcon -t modules_object_t "{}" \;
+ fi
 echo "#"
 echo "# Executing nvidia-driver load script ..."
diff --git a/rhel9/precompiled/nvidia-driver b/rhel9/precompiled/nvidia-driver
index 8b22e440a..ecb39b5f2 100755
--- a/rhel9/precompiled/nvidia-driver
+++ b/rhel9/precompiled/nvidia-driver
@@ -350,7 +350,7 @@ _mount_rootfs() {
 mount --rbind / ${RUN_DIR}/driver
 echo "Check SELinux status"
- if [ -e /sys/fs/selinux ]; then
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
 echo "SELinux is enabled"
 echo "Change device files security context for selinux compatibility"
 chcon -R -t container_file_t ${RUN_DIR}/driver/dev
diff --git a/vgpu-manager/rhel8/nvidia-driver b/vgpu-manager/rhel8/nvidia-driver
index b15a1085a..40ff41915 100755
--- a/vgpu-manager/rhel8/nvidia-driver
+++ b/vgpu-manager/rhel8/nvidia-driver
@@ -18,8 +18,10 @@ _mount_rootfs() {
 mkdir -p ${RUN_DIR}/driver
 mount --rbind / ${RUN_DIR}/driver
- echo "Change device files security context for selinux compatibility"
- chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+ echo "Change device files security context for selinux compatibility"
+ chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+ fi
 }
 # Unmount the driver rootfs from the run directory.
diff --git a/vgpu-manager/rhel9/nvidia-driver b/vgpu-manager/rhel9/nvidia-driver
index 5efc0376d..652db77ee 100755
--- a/vgpu-manager/rhel9/nvidia-driver
+++ b/vgpu-manager/rhel9/nvidia-driver
@@ -30,8 +30,10 @@ _mount_rootfs() {
 mkdir -p ${RUN_DIR}/driver
 mount --rbind / ${RUN_DIR}/driver
- echo "Change device files security context for selinux compatibility"
- chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+ if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+ echo "Change device files security context for selinux compatibility"
+ chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+ fi
 }
 # Unmount the driver rootfs from the run directory.
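Review bot: In the vgpu-manager `_mount_rootfs` hunk the relabel is skipped silently when the check fails, whereas the other driver scripts in this commit print "Check SELinux status" before the test. An `else` branch with `echo "SELinux disabled or selinuxenabled missing; skipping relabel"` would leave a trace in the script's output. The re-added `chcon -R -t container_file_t ${RUN_DIR}/driver/dev` also leaves `${RUN_DIR}` unquoted; `"${RUN_DIR}/driver/dev"` avoids word splitting if the directory is ever changed. vgpu-manager/rhel9 has the same hunk.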