= Fedora NVIDIA Container Toolkit SELinux README =

To be able to use the toolkit with SELinux enforcing, you must allow container_t
access to use X server devices. This package automatically enables the
container_use_xserver_devices policy boolean and it affects all containers.

Test that everything is working using the CDI nvidia device:

$ podman run --device nvidia.com/gpu=all --rm fedora:latest nvidia-smi

To disable the global allow container_t to use X server devices:

$ sudo setsebool -P container_use_xserver_devices 0

The container will no longer have access to the device:

$ podman run --device nvidia.com/gpu=all --rm fedora:latest nvidia-smi
Failed to initialize NVML: Insufficient Permissions
