Seems that sysfs restriction is incompatible with udev, and by extension latest Mesa / DRI. mesa seems to use /sys/dev/ and /sys/devices/ for working DRI (likely via udev).
Relevant strace parts of running glxgears on vanilla kernel:
- Code: Select all
open("/dev/dri/card0", O_RDWR|O_CLOEXEC) = 4
...
fstat(4, {st_mode=S_IFCHR|0660, st_rdev=makedev(226, 0), ...}) = 0
readlink("/sys/dev/char/226:0", "../../devices/pci0000:00/0000:00"..., 1024) = 47
stat("/sys/devices/pci0000:00/0000:00:02.0/drm/card0/uevent", {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
readlink("/sys/devices/pci0000:00/0000:00:02.0/drm", 0x739a60481de8, 1024) = -1 EINVAL (Invalid argument)
stat("/sys/devices/pci0000:00/0000:00:02.0/drm/uevent", 0x739a60482248) = -1 ENOENT (No such file or directory)
readlink("/sys/devices/pci0000:00/0000:00:02.0", 0x739a60481de8, 1024) = -1 EINVAL (Invalid argument)
stat("/sys/devices/pci0000:00/0000:00:02.0/uevent", {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
open("/sys/devices/pci0000:00/0000:00:02.0/uevent", O_RDONLY|O_CLOEXEC) = 5
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
readv(5, [{"", 0}, {"DRIVER=i915\nPCI_CLASS=30000\nPCI_"..., 1024}], 2) = 159
readv(5, [{"", 0}, {"DRIVER=i915\nPCI_CLASS=30000\nPCI_"..., 1024}], 2) = 0
close(5) = 0
readlink("/sys/devices/pci0000:00/0000:00:02.0/subsystem", "../../../bus/pci", 1024) = 16
I wonder if makes sense to white-list more /sys entries, or should we just disable sysfs restrictions on systems running X.