On Mon, Sep 08, 2025 at 02:38:17PM +0200, Kamil Paral wrote: > On Thu, Sep 4, 2025 at 3:39 PM Justin Forbes <jmforbes@xxxxxxxxxxx> wrote: > > > If someone can go > > through the effort to grab a patched Proton, they can load a kernel > > module. > > > > Hmm, can a user-space program load a kernel module during runtime, > without root privileges? I assume it can't. Unprivileged userspace code can trigger loading of some specific modules, but I don't think any of those scenarios apply in this case. (For example, when a socket is created, the kernel will attempt to autoload the requested protocol if it is not available. Similarly it'll autoload crypto algorithms, scheduling algorithms, sensor implementations, etc. And if a device node is pre-created, it'll attempt to load the module for a given char/block-major-minor number. Those cases are generally limited and/or require earlier setup through privileged code.) > The issue I see here is that many Wine front-ends provide many different > flavors of Wine (this one doesn't work? try a different one), with ProtonGE > being especially popular (but ntsync will likely gradually appear > everywhere, it's not limited to it). These front-ends (Bottles, Lutris, > Heroic) are often installed as Flatpaks from Flathub. But even if you > installed them as RPMs, the Wine tarballs are then downloaded from > upstream, not from RPMs. They are not going to be able to trigger a kernel > module load change, if that requires root. ProtonGE is actually popular > even for Steam users (again, available on Flathub), with different > graphical tools (from Flathub) to download it and select it as default > instead of Valve Proton. All of this requires no power user nor command > line knowledge, it's all click click click done stuff. I don't think most > of the users will even know what ntsync is, they just want to play games, > and the GUI tools make it easy for them. > > What can we do to make sure these gaming use cases work well on Fedora, > even if they're not coming from our RPM repos? If we don't want the kernel > module to be enabled by default, is there a different way to allow it to > work out-of-the-box for those who play games, but are not necessarily > aware of these very low level technical details? I'm not aware of any such mechanism. I don't think we should load the module by default for everyone. We could provide a package with a modprobe file to load the module by default though. It wouldn't be automatic, but it'd be a simple one command to install it. Zbyszek -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
