Cannot use userns=keep-id together with nvidia-container-toolkit on rootless podman #35
Comments
@Clockwork-Muse in order to better leverage features such as
We have just released
If the generated spec is copied to
Note that the generated spec also contains a definition for the device
Any feedback or comments on the new functionality will be appreciated.
I haven't installed the latest RC yet, but manually creating what I believe should be the relevant CDI spec file still throws the same error:
The manually created file is this (from the Podman PR enabling it):
{
  "cdiVersion": "0.2.0",
  "kind": "nvidia.com/gpu",
  "devices": [
    {
      "name": "gpu0",
      "containerEdits": {
        "env": [
          "NVIDIA_VISIBLE_DEVICES=0"
        ]
      }
    }
  ],
  "containerEdits": {
    "hooks": [
      {
        "hookName": "prestart",
        "path": "/usr/bin/nvidia-container-toolkit",
        "args": [
          "nvidia-container-toolkit",
          "prestart"
        ]
      }
    ]
  }
}
I would not use that spec as that still uses the NVIDIA Container CLI to make modifications to the container namespace. Please see https://gitlab.com/nvidia/container-toolkit/container-toolkit/-/issues/8 and NVIDIA/nvidia-container-runtime#85 (comment) for a more up to date spec.
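An added example, not part of the thread or of the toolkit's code: a small Python check that reads a CDI spec and reports prestart hooks that call the nvidia-container-toolkit binary (the pattern the comment above advises against), plus devices that declare no deviceNodes. The function name and the second spec are constructed for illustration.

```python
import json
import os

# Hook binaries treated as the legacy path. Assumption for this example:
# only the binary named in the spec posted on this page is listed.
LEGACY_HOOK_BINARIES = {"nvidia-container-toolkit"}

# Same content as the spec posted in the comment above.
PAGE_SPEC = """
{"cdiVersion": "0.2.0", "kind": "nvidia.com/gpu",
 "devices": [{"name": "gpu0",
              "containerEdits": {"env": ["NVIDIA_VISIBLE_DEVICES=0"]}}],
 "containerEdits": {"hooks": [{"hookName": "prestart",
                               "path": "/usr/bin/nvidia-container-toolkit",
                               "args": ["nvidia-container-toolkit", "prestart"]}]}}
"""

# Constructed contrast case: the device node is declared in the spec itself.
DECLARATIVE_SPEC = """
{"cdiVersion": "0.2.0", "kind": "nvidia.com/gpu",
 "devices": [{"name": "gpu0",
              "containerEdits": {"deviceNodes": [{"path": "/dev/nvidia0"}]}}]}
"""


def audit_cdi_spec(text):
    """Return (legacy_hooks, devices_without_device_nodes) for a CDI spec."""
    spec = json.loads(text)
    # Edits can sit at the top level (applied to all devices) or per device.
    scopes = [("<all devices>", spec.get("containerEdits", {}))]
    scopes += [(d.get("name", "?"), d.get("containerEdits", {}))
               for d in spec.get("devices", [])]
    legacy = []
    for scope, edits in scopes:
        for hook in edits.get("hooks", []):
            binary = os.path.basename(hook.get("path", ""))
            if hook.get("hookName") == "prestart" and binary in LEGACY_HOOK_BINARIES:
                legacy.append((scope, hook["path"], hook.get("args", [])))
    # Devices that rely on a hook or env var instead of listing device nodes.
    no_nodes = [name for name, edits in scopes[1:] if not edits.get("deviceNodes")]
    return legacy, no_nodes


if __name__ == "__main__":
    for label, text in (("page spec", PAGE_SPEC), ("declarative", DECLARATIVE_SPEC)):
        legacy, no_nodes = audit_cdi_spec(text)
        print(label, "| legacy hooks:", legacy, "| no deviceNodes:", no_nodes)
```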
Yes!
Great! The
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Attempting to keep the external user id with a rootless container while using the nvidia-container-toolkit fails.
Steps to reproduce the issue:
Install the nvidia-container-toolkit
Run
podman run --rm --userns keep-id docker.io/nvidia/cudagl:11.4.2-runtime-ubuntu20.04 nvidia-smi
Describe the results you received:
Describe the results you expected:
The normal output of nvidia-smi
Additional information you deem important (e.g. issue happens only occasionally):
--security-opt=label=disable (as in the nvidia install documentation) does not appear to make a difference.
--userns keep-id succeeds (generates expected output).
id -u shows the remapped uid.
The real deployment situation is a devcontainer that contains graphical tools needing to access the X11 port, so mapping the uid to the host user is a requirement.
Output of podman version:
Output of podman info:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Additional environment details (AWS, VirtualBox, physical, etc.):
N/A
Does the hook leave any logs in the journal to indicate why it failed?
I got nuffin'.
Debug logging is turned on in /etc/nvidia-container-runtime/config.toml (to a directory/file I have permission to write to), but it doesn't generate a file at all.
Moving from containers/podman#15863