diff --git a/rhel10/nvidia-driver b/rhel10/nvidia-driver index f1e8d0615..6fdddd7ff 100755 --- a/rhel10/nvidia-driver +++ b/rhel10/nvidia-driver @@ -580,7 +580,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel10/ocp_dtk_entrypoint b/rhel10/ocp_dtk_entrypoint index 50d3f65ed..25dfb2b7a 100755 --- a/rhel10/ocp_dtk_entrypoint +++ b/rhel10/ocp_dtk_entrypoint @@ -72,9 +72,15 @@ nv-ctr-run-with-dtk() { cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}" # Tell SELinux to allow loading these files - find . -type f \ - \( -name "*.txt" -or -name "*.go" \) \ - -exec chcon -t modules_object_t "{}" \; + echo "Check SELinux status" + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then + echo "SELinux is enabled" + find . -type f \ + \( -name "*.txt" -or -name "*.go" \) \ + -exec chcon -t modules_object_t "{}" \; + else + echo "SELinux is disabled, skipping..." + fi echo "#" echo "# Executing nvidia-driver load script ..." diff --git a/rhel10/precompiled/nvidia-driver b/rhel10/precompiled/nvidia-driver index 8b9c29a9f..ec2438f97 100755 --- a/rhel10/precompiled/nvidia-driver +++ b/rhel10/precompiled/nvidia-driver @@ -324,7 +324,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel8/nvidia-driver b/rhel8/nvidia-driver index 58753091b..71c5f6fea 100755 --- a/rhel8/nvidia-driver +++ b/rhel8/nvidia-driver @@ -559,7 +559,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel8/ocp_dtk_entrypoint b/rhel8/ocp_dtk_entrypoint index 9de26e7d0..6ccbfcc9c 100755 --- a/rhel8/ocp_dtk_entrypoint +++ b/rhel8/ocp_dtk_entrypoint @@ -68,9 +68,15 @@ nv-ctr-run-with-dtk() { cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}" # Tell SELinux to allow loading these files - find . -type f \ - \( -name "*.txt" -or -name "*.go" \) \ - -exec chcon -t modules_object_t "{}" \; + echo "Check SELinux status" + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then + echo "SELinux is enabled" + find . -type f \ + \( -name "*.txt" -or -name "*.go" \) \ + -exec chcon -t modules_object_t "{}" \; + else + echo "SELinux is disabled, skipping..." + fi echo "#" echo "# Executing nvidia-driver load script ..." diff --git a/rhel8/precompiled/nvidia-driver b/rhel8/precompiled/nvidia-driver index de85549bc..d09393eee 100755 --- a/rhel8/precompiled/nvidia-driver +++ b/rhel8/precompiled/nvidia-driver @@ -301,7 +301,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel9/nvidia-driver b/rhel9/nvidia-driver index e1cf01a38..d626c4ba8 100755 --- a/rhel9/nvidia-driver +++ b/rhel9/nvidia-driver @@ -576,7 +576,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/rhel9/ocp_dtk_entrypoint b/rhel9/ocp_dtk_entrypoint index ff876384f..65682f62d 100755 --- a/rhel9/ocp_dtk_entrypoint +++ b/rhel9/ocp_dtk_entrypoint @@ -72,9 +72,15 @@ nv-ctr-run-with-dtk() { cp -rv "${MODULES_SHARED}"/* "${MODULES_LOCAL}" # Tell SELinux to allow loading these files - find . -type f \ - \( -name "*.txt" -or -name "*.go" \) \ - -exec chcon -t modules_object_t "{}" \; + echo "Check SELinux status" + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then + echo "SELinux is enabled" + find . -type f \ + \( -name "*.txt" -or -name "*.go" \) \ + -exec chcon -t modules_object_t "{}" \; + else + echo "SELinux is disabled, skipping..." + fi echo "#" echo "# Executing nvidia-driver load script ..." diff --git a/rhel9/precompiled/nvidia-driver b/rhel9/precompiled/nvidia-driver index 8b22e440a..90e1fefdc 100755 --- a/rhel9/precompiled/nvidia-driver +++ b/rhel9/precompiled/nvidia-driver @@ -350,7 +350,7 @@ _mount_rootfs() { mount --rbind / ${RUN_DIR}/driver echo "Check SELinux status" - if [ -e /sys/fs/selinux ]; then + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then echo "SELinux is enabled" echo "Change device files security context for selinux compatibility" chcon -R -t container_file_t ${RUN_DIR}/driver/dev diff --git a/vgpu-manager/rhel8/nvidia-driver b/vgpu-manager/rhel8/nvidia-driver index b15a1085a..0e3f31d1c 100755 --- a/vgpu-manager/rhel8/nvidia-driver +++ b/vgpu-manager/rhel8/nvidia-driver @@ -18,8 +18,14 @@ _mount_rootfs() { mkdir -p ${RUN_DIR}/driver mount --rbind / ${RUN_DIR}/driver - echo "Change device files security context for selinux compatibility" - chcon -R -t container_file_t ${RUN_DIR}/driver/dev + echo "Check SELinux status" + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then + echo "SELinux is enabled" + echo "Change device files security context for selinux compatibility" + chcon -R -t container_file_t ${RUN_DIR}/driver/dev + else + echo "SELinux is disabled, skipping..." + fi } # Unmount the driver rootfs from the run directory. diff --git a/vgpu-manager/rhel9/nvidia-driver b/vgpu-manager/rhel9/nvidia-driver index 5efc0376d..9aa270ba5 100755 --- a/vgpu-manager/rhel9/nvidia-driver +++ b/vgpu-manager/rhel9/nvidia-driver @@ -30,8 +30,14 @@ _mount_rootfs() { mkdir -p ${RUN_DIR}/driver mount --rbind / ${RUN_DIR}/driver - echo "Change device files security context for selinux compatibility" - chcon -R -t container_file_t ${RUN_DIR}/driver/dev + echo "Check SELinux status" + if grep -qsw "selinuxfs" /proc/mounts && [ -f /sys/fs/selinux/enforce ]; then + echo "SELinux is enabled" + echo "Change device files security context for selinux compatibility" + chcon -R -t container_file_t ${RUN_DIR}/driver/dev + else + echo "SELinux is disabled, skipping..." + fi } # Unmount the driver rootfs from the run directory.