NVIDIA · Ashutosh0x · Feb 28, 2026
diff --git a/azurelinux/nvidia-driver b/azurelinux/nvidia-driver
@@ -237,7 +237,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/fedora/nvidia-driver b/fedora/nvidia-driver
@@ -338,12 +338,6 @@ _get_module_params() {
 
 # Load the kernel modules and start persistenced.
 _load_driver() {
-    # Apply SELinux labels before loading modules
-    # if [ -e /sys/fs/selinux ]; then
-    #     echo "Change module files security context to modules_file_t"
-    #     chcon -R -t modules_object_t /lib/modules/$KERNEL_VERSION/kernel/drivers/video
-    # fi
-
     echo "Parsing kernel module parameters..."
     _get_module_params
 
@@ -501,7 +495,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel10/nvidia-driver b/rhel10/nvidia-driver
@@ -576,7 +576,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel10/ocp_dtk_entrypoint b/rhel10/ocp_dtk_entrypoint
@@ -72,9 +72,11 @@ nv-ctr-run-with-dtk() {
     cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 
     # Tell SELinux to allow loading these files
-    find . -type f \
-         \( -name "*.txt" -or -name "*.go" \) \
-         -exec chcon -t modules_object_t "{}" \;
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+        find . -type f \
+             \( -name "*.txt" -or -name "*.go" \) \
+             -exec chcon -t modules_object_t "{}" \;
+    fi
 
     echo "#"
     echo "# Executing nvidia-driver load script ..."

diff --git a/rhel10/precompiled/nvidia-driver b/rhel10/precompiled/nvidia-driver
@@ -324,7 +324,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel7/nvidia-driver b/rhel7/nvidia-driver
@@ -248,7 +248,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel8/nvidia-driver b/rhel8/nvidia-driver
@@ -559,7 +559,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel8/ocp_dtk_entrypoint b/rhel8/ocp_dtk_entrypoint
@@ -68,9 +68,11 @@ nv-ctr-run-with-dtk() {
     cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 
     # Tell SELinux to allow loading these files
-    find . -type f \
-         \( -name "*.txt" -or -name "*.go" \) \
-         -exec chcon -t modules_object_t "{}" \;
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+        find . -type f \
+             \( -name "*.txt" -or -name "*.go" \) \
+             -exec chcon -t modules_object_t "{}" \;
+    fi
 
     echo "#"
     echo "# Executing nvidia-driver load script ..."

diff --git a/rhel8/precompiled/nvidia-driver b/rhel8/precompiled/nvidia-driver
@@ -301,7 +301,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel9/nvidia-driver b/rhel9/nvidia-driver
@@ -576,7 +576,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/rhel9/ocp_dtk_entrypoint b/rhel9/ocp_dtk_entrypoint
@@ -72,9 +72,11 @@ nv-ctr-run-with-dtk() {
     cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}"
 
     # Tell SELinux to allow loading these files
-    find . -type f \
-         \( -name "*.txt" -or -name "*.go" \) \
-         -exec chcon -t modules_object_t "{}" \;
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+        find . -type f \
+             \( -name "*.txt" -or -name "*.go" \) \
+             -exec chcon -t modules_object_t "{}" \;
+    fi
 
     echo "#"
     echo "# Executing nvidia-driver load script ..."

diff --git a/rhel9/precompiled/nvidia-driver b/rhel9/precompiled/nvidia-driver
@@ -350,7 +350,7 @@ _mount_rootfs() {
     mount --rbind / ${RUN_DIR}/driver
 
     echo "Check SELinux status"
-    if [ -e /sys/fs/selinux ]; then
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
         echo "SELinux is enabled"
         echo "Change device files security context for selinux compatibility"
         chcon -R -t container_file_t ${RUN_DIR}/driver/dev

diff --git a/vgpu-manager/rhel8/nvidia-driver b/vgpu-manager/rhel8/nvidia-driver
@@ -18,8 +18,10 @@ _mount_rootfs() {
     mkdir -p ${RUN_DIR}/driver
     mount --rbind / ${RUN_DIR}/driver
 
-    echo "Change device files security context for selinux compatibility"
-    chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+        echo "Change device files security context for selinux compatibility"
+        chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+    fi
 }
 
 # Unmount the driver rootfs from the run directory.

diff --git a/vgpu-manager/rhel9/nvidia-driver b/vgpu-manager/rhel9/nvidia-driver
@@ -30,8 +30,10 @@ _mount_rootfs() {
     mkdir -p ${RUN_DIR}/driver
     mount --rbind / ${RUN_DIR}/driver
 
-    echo "Change device files security context for selinux compatibility"
-    chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
+        echo "Change device files security context for selinux compatibility"
+        chcon -R -t container_file_t ${RUN_DIR}/driver/dev
+    fi
 }
 
 # Unmount the driver rootfs from the run directory.