I am trying to run a gpu-compute application inside of an nspawn container, i have configured the container as follows:
/etc/systemd/nspawn/ubuntuintel.nspawn:
argon# cat ubuntuintel.nspawn
[Exec]
Capability=CAP_SYS_ADMIN
[Files]
Bind=/dev/dri/etc/systemd/system.control/systemd-nspawn@ubuntuintel.service.d/50-DeviceAllow.conf:
# This is a drop-in unit file extension, created via "systemctl set-property"
# or an equivalent operation. Do not edit.
[Service]
DeviceAllow=
DeviceAllow=/dev/net/tun rwm
DeviceAllow=char-pts rw
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rw
DeviceAllow=block-blkext rw
DeviceAllow=/dev/mapper/control rw
DeviceAllow=block-device-mapper rw
DeviceAllow=/dev/dri rwmsystemctl start systemd-nspawn@ubuntuintel.service
In the container the /dev/dri directory is present, but upon running the application this happens:
openat(AT_FDCWD, "/dev/dri/renderD128", O_RDWR) = -1 EPERM (Operation not permitted)
What is the proper way to have the container use the gpu? I have also considered simply using qemu + pci passthrough but that is considerably heavier
Asked by Matt
(193 rep)
Aug 27, 2021, 11:50 AM