diff options
| author | Philip Taron <philip.taron@gmail.com> | 2023-11-27 09:07:32 -0800 |
|---|---|---|
| committer | Philip Taron <philip.taron@gmail.com> | 2024-03-19 16:34:41 -0700 |
| commit | 29a46d28027016dc9dbed88b7258306b35662158 (patch) | |
| tree | fed37e51df9272ec19f98aad68a6e2f539b411ec /nixos/modules/hardware | |
| parent | b022be4d67773b7dd2b69a557d7c0e874b872219 (diff) | |
nixos/nvidia: Set SidebandSocketPath to a user-writable path in `/run`
The NVIDIA X driver uses a UNIX domain socket to pass information to
other driver components. If unable to connect to this socket, some
driver features, such as G-Sync, may not work correctly. The socket will
be bound to a file with a name unique to the X server instance created
in the directory specified by this option. Note that on Linux, an
additional abstract socket (not associated with a file) will also be
created, with this pathname socket serving as a fallback if connecting
to the abstract socket fails.
The default, which was in effect prior to this change, was `/var/run`.
The effect of not setting this option was that GDM X sessions
(and other non-root sessions) would see this warning in the log files:
```
(WW) NVIDIA: Failed to bind sideband socket to
(WW) NVIDIA: '/var/run/nvidia-xdriver-b4f69129' Permission denied
```
I don't see any security implications of turning this on universally,
since there already was an abstract socket created according to the
docs.
Documentation:
1. [NVIDIA X Config Options](https://download.nvidia.com/XFree86/Linux-x86_64/440.82/README/xconfigoptions.html#SidebandSocketPath)
Diagnosis:
1. [Arch Linux BBS post](https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115)
Diffstat (limited to 'nixos/modules/hardware')
| -rw-r--r-- | nixos/modules/hardware/video/nvidia.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 3b983f768f91..352c8d8ead54 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -396,6 +396,9 @@ in { modules = [nvidia_x11.bin]; display = !offloadCfg.enable; deviceSection = + '' + Option "SidebandSocketPath" "/run/nvidia-xdriver/" + '' + lib.optionalString primeEnabled '' BusID "${pCfg.nvidiaBusId}" @@ -533,8 +536,14 @@ in { hardware.firmware = lib.optional cfg.open nvidia_x11.firmware; - systemd.tmpfiles.rules = - lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia) + systemd.tmpfiles.rules = [ + # Remove the following log message: + # (WW) NVIDIA: Failed to bind sideband socket to + # (WW) NVIDIA: '/var/run/nvidia-xdriver-b4f69129' Permission denied + # + # https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115 + "d /run/nvidia-xdriver 0770 root users" + ] ++ lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia) "L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced"; boot = { |