db0 / fedi-safety

A script that goes through Lemmy images in storage and tries to prevent illegal or unethical content
GNU Affero General Public License v3.0
63 stars, 6 forks

Initial containerization and documentation #2

Closed dandroid126 closed 10 months ago

dandroid126 commented 10 months ago

I'm not 100% certain that the --device option works with docker. I use podman and it works fine, but I can't install docker without removing the podman-compose package, as it emulates docker with podman, and that will break some other things that I have running. I think it might be more trouble than it is worth to set up a VM to test this. But someone that uses docker instead of podman might want to try that command.

I suspect that with docker you can actually omit the --device option entirely, as the CDI specification is really only needed for rootless containers (aka, podman)

dandroid126 commented 10 months ago

A future improvement would be to make it so the python command isn't being run by root inside the container. As of this moment, the host's GPU can't be accessed inside the container by any user other than root.

poVoq commented 10 months ago

This is helpful for getting Podman to work with the GPU on Fedora 38. Also explains how to make it work in rootless mode: https://blog.shawonashraf.com/nvidia-podman-fedora-37

dandroid126 commented 10 months ago

> This is helpful for getting Podman to work with the GPU on Fedora 38. Also explains how to make it work in rootless mode: https://blog.shawonashraf.com/nvidia-podman-fedora-37

I'm not 100% sure this is what I am missing. I am able to run the container in rootless mode with podman by creating the CDI and passing that info into the container with the --device option. This works fine when running the container as a non-root user. The problem I currently have is that inside the container, only root can access /dev/nvidia0. From what I have gathered, on the host, a script is run at login to set the ACLs of which user can access this device. Because root inside the container is mapped to the same user id of who is running the container on the host, root can access anything that user can access. However, when I make a new user inside the container, uid 1000 inside the container is mapped to uid 100999 outside the container, and this uid doesn't have the ACLs set to be able to access /dev/nvidia0.
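The uid mapping described in the comment above, worked through as an added example; this is editor-written code, not part of fedi-safety or of this PR. It assumes a host user with uid 1000 running podman, a constructed /etc/subuid line for that user, and a constructed `getfacl -n /dev/nvidia0` listing in which the login session has granted only uid 1000 an ACL entry. The "default" map is rootless podman's standard layout (container root is the host user, container uids 1..N start at the subuid range), and the "keep-id" map is the layout podman uses for --userns=keep-id as the editor understands it (the host uid mapped to itself, the uids around it filled from the subuid range).

```shell
#!/bin/sh
# Added example (not fedi-safety code). Models why, under rootless podman,
# root inside the container can open /dev/nvidia0 while a user created in
# the container cannot: container uid 0 is the host user who ran podman, and
# every other container uid lands in that user's /etc/subuid range, which the
# login-time ACL on the device node never covers.  Every input below is
# constructed; the host uid, subuid line and ACL listing are assumptions.
set -eu

HOST_UID=1000                          # assumed uid of the user running podman
SUBUID_LINE='dandroid:100000:65536'    # constructed /etc/subuid entry for that user

# Constructed `getfacl -n /dev/nvidia0` output: a root:root node on which the
# login session granted uid 1000 rw through a named-user ACL entry.
SAMPLE_ACL='# file: dev/nvidia0
# owner: 0
# group: 0
user::rw-
user:1000:rw-
group::---
mask::rw-
other::---'

# ctr_uid_to_host CTR_UID HOST_UID SUBUID_LINE [default|keep-id]
# Prints the host uid a container uid runs as.  "default" is rootless podman's
# standard map (0 -> host user, 1..N -> subuid start..); "keep-id" is the
# --userns=keep-id layout (host uid mapped to itself, uids below it taken from
# the start of the subuid range, uids above it continuing after that).
ctr_uid_to_host() {
  ctr=$1; host=$2; line=$3; mode=${4:-default}
  start=$(printf '%s' "$line" | cut -d: -f2)
  count=$(printf '%s' "$line" | cut -d: -f3)
  case $mode in
    default)
      if [ "$ctr" -eq 0 ]; then echo "$host"; return 0; fi
      [ "$ctr" -le "$count" ] || { echo unmapped; return 1; }
      echo $((start + ctr - 1)) ;;
    keep-id)
      if [ "$ctr" -eq "$host" ]; then echo "$host"
      elif [ "$ctr" -lt "$host" ]; then echo $((start + ctr))
      else echo $((start + ctr - 1)); fi ;;
    *) echo "unknown mode $mode" >&2; return 2 ;;
  esac
}

# and_perms A B: intersect two rwx triplets (rw- & r-- -> r--), which is what
# the ACL mask does to named-user entries.
and_perms() {
  out=
  for i in 1 2 3; do
    ca=$(printf '%s' "$1" | cut -c"$i"); cb=$(printf '%s' "$2" | cut -c"$i")
    [ "$ca" = "$cb" ] && out="$out$ca" || out="$out-"
  done
  printf '%s\n' "$out"
}

# acl_allows_rw UID ACL_TEXT: succeeds if UID gets read+write under the POSIX
# ACL evaluation order owner -> named user (masked) -> other.  Group entries
# are skipped on the assumption that UID is not in the node's owning group
# (true for an unprivileged user and a root:root device node).
acl_allows_rw() {
  uid=$1; acl=$2
  owner=$(printf '%s\n' "$acl" | sed -n 's/^# owner: //p')
  mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\)$/\1/p')
  if [ "$uid" = "$owner" ]; then
    perms=$(printf '%s\n' "$acl" | sed -n 's/^user::\(...\)$/\1/p')
  else
    perms=$(printf '%s\n' "$acl" | sed -n "s/^user:$uid:\(...\)$/\1/p")
    if [ -n "$perms" ]; then
      perms=$(and_perms "$perms" "${mask:-rwx}")
    else
      perms=$(printf '%s\n' "$acl" | sed -n 's/^other::\(...\)$/\1/p')
    fi
  fi
  case $perms in rw?) return 0 ;; *) return 1 ;; esac
}

# gpu_access MODE CTR_UID: prints allowed|denied for that container uid.
gpu_access() {
  huid=$(ctr_uid_to_host "$2" "$HOST_UID" "$SUBUID_LINE" "$1")
  if acl_allows_rw "$huid" "$SAMPLE_ACL"; then echo allowed; else echo denied; fi
}

# Walk the two cases from the comment (container root and container uid 1000)
# under both user-namespace layouts.
for mode in default keep-id; do
  for ctr in 0 1000; do
    printf 'userns=%-7s container uid %4s -> host uid %6s: %s\n' "$mode" "$ctr" \
      "$(ctr_uid_to_host "$ctr" "$HOST_UID" "$SUBUID_LINE" "$mode")" \
      "$(gpu_access "$mode" "$ctr")"
  done
done
```

Under the default map the script reports container uid 1000 landing on host uid 100999 with no ACL entry, exactly the denial described above, while container root (host uid 1000) is allowed. Under --userns=keep-id the picture inverts: the container user with the host's uid is allowed, but container root now maps into the subuid range and is denied, so the in-container user has to be created with the host uid (for example `--user "$(id -u)"` or a matching `useradd -u` in the image) and the python process must actually run as that user. The other route, adding an ACL entry for the mapped sub-uid with setfacl on the host, works but has to be redone whenever the login script rewrites the device's ACL.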