1

I am trying to run a gpu-compute application inside of an nspawn container, i have configured the container as follows:

/etc/systemd/nspawn/ubuntuintel.nspawn:

argon# cat ubuntuintel.nspawn 
[Exec]
Capability=CAP_SYS_ADMIN

[Files]
Bind=/dev/dri

/etc/systemd/system.control/[email protected]/50-DeviceAllow.conf:

# This is a drop-in unit file extension, created via "systemctl set-property"
# or an equivalent operation. Do not edit.
[Service]
DeviceAllow=
DeviceAllow=/dev/net/tun rwm
DeviceAllow=char-pts rw
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rw
DeviceAllow=block-blkext rw
DeviceAllow=/dev/mapper/control rw
DeviceAllow=block-device-mapper rw
DeviceAllow=/dev/dri rwm

Then i run the container via systemctl start [email protected]

In the container the /dev/dri directory is present, but upon running the application this happens:

openat(AT_FDCWD, "/dev/dri/renderD128", O_RDWR) = -1 EPERM (Operation not permitted)

What is the proper way to have the container use the gpu? I have also considered simply using qemu + pci passthrough but that is considerably heavier

Improve this question
4
  • 2
    You probably need to permit read/write access to the device /dev/dri/renderD128 not just the directory /dev/dri. Commented Aug 27, 2021 at 14:19
  • Ah that did it, i expected it to act on the whole directory Commented Aug 27, 2021 at 18:26
  • you wanna make that an answer so i can accept it? Commented Aug 27, 2021 at 18:27
  • It was a guess! Someone who knows how it is supposed to work should probably give a proper answer. Commented Aug 29, 2021 at 8:12

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.