NVIDIA / DCGM

NVIDIA Data Center GPU Manager (DCGM) is a project for gathering telemetry and measuring the health of NVIDIA GPUs
Apache License 2.0

AppArmor profile for DCGM #153

Open pintohutch opened 5 months ago

pintohutch commented 5 months ago

Hello,

I'd like to run DCGM as a DaemonSet in Kubernetes.

However, I notice it needs SYS_ADMIN privileges.

I'd like to minimize the permissions of the process running the DCGM containers using an AppArmor profile. Does NVIDIA have a recommended AppArmor profile that can be used for this purpose to minimize security concerns for running DCGM (particularly on Kubernetes)?

Thanks!

pintohutch commented 5 months ago

Related question for dcgm-exporter: https://github.com/NVIDIA/dcgm-exporter/issues/165

nikkon-dev commented 5 months ago

@pintohutch,

Currently, we do not have an AppArmor profile for the DCGM service.

pintohutch commented 5 months ago

Ok thanks @nikkon-dev for the info