[Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group
Robie Basak
2045768 at bugs.launchpad.net
Tue Dec 12 12:28:30 UTC 2023
I don't have time to provide a fully researched answer, but I hope this
will help.
If you're not already familiar, I suggest you start at
https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and-
groups. Ubuntu cannot allocate these without potential future collision
with Debian. So you should ask Debian in the first instance.
I'm pretty sure I speak for Ubuntu developers when I say that this
cannot be considered for Ubuntu alone without a discussion in Debian
first.
** Changed in: base-passwd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-passwd in Ubuntu.
https://bugs.launchpad.net/bugs/2045768
Title:
Proposal to Assign a Fixed Group ID to the render Group
Status in base-passwd package in Ubuntu:
Incomplete
Bug description:
Problem Statement:
The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources.
Description:
This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility.
The transition of /dev/dri/renderD* from the video to the render group
in SystemD has led to issues due to the lack of a fixed GID for
render. This has impacted various projects and forced the community to
adopt workarounds.
https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb
Proposed Change:
Assign GID 59 to the render group or another GID that is more
appropriate.
Rationale:
Consistency: A standardized GID ensures uniform access controls across various Linux installations.
Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions.
Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues.
Context and Documented Issues:
Some examples of issues around this:
https://github.com/blakeblackshear/frigate/issues/7640
https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device
https://github.com/linuxserver/docker-plex/issues/211
https://support.xilinx.com/s/question/0D52E00006mfsHaSAI/permission-denied-when-running-hardware?language=en_US
https://github.com/jellyfin/jellyfin/issues/9229
Impact on Ubuntu Versions:
This issue affects versions such as Ubuntu 20.04 and 22.04,
particularly in Docker environments where the render group is not
consistently recognized.
Request for Feedback:
Seeking feedback and discussion from the Ubuntu community and
maintainers.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions
More information about the foundations-bugs
mailing list