systemd-nspawn /dev/dri/card0 privileges

Question

systemd-nspawn /dev/dri/card0 privileges

1.4k views Asked by intelfx At 13 December 2017 at 11:45

I'm trying hard to access /dev/dri/card0 from the nspawn container and have no success. Is it even possible?

/etc/systemd/system/[email protected]/override.conf:

[Service]
DeviceAllow=/dev/dri rw
DeviceAllow=/dev/shm rw
DeviceAllow=char-drm rw
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --boot --link-journal=try-guest --network-veth -U --settings=override --machine=centos7 --capability=all

/etc/systemd/nspawn/centos7.nspawn:

[Exec]
Boot=yes
PrivateUsers=no

[Files]
Bind=/home/<user>
Bind=/tmp/.X11-unix
Bind=/cvmfs
Bind=/dev/shm
Bind=/dev/dri

[Network]
Private=no

In the machine I have:

$ strace -e open glxinfo
...
open("/dev/dri/card0", O_RDWR|O_CLOEXEC) = -1 EPERM (Operation not permitted)
...
$ ll /dev/dri/card0 
crw-rw----+ 1 root video 226, 0 Dec 13 11:55 /dev/dri/card0
$ groups
<user> wheel video

Is there a way to make it work?

Original Q&A

There are 1 answers

**intelfx** · Answer 1 · 2017-12-14 08:20:33

intelfx On 14 December 2017 at 08:20

~~Solved~~ Kludged brutally by adding the line

ExecStartPost=/bin/sh -c 'echo a > /sys/fs/cgroup/devices/machine.slice/machine-centos7.scope/devices.allow'

to the /etc/systemd/system/[email protected]/override.conf file.

TechQA.

systemd-nspawn /dev/dri/card0 privileges

There are 1 answers

Related Questions in SYSTEMD-NSPAWN

Popular Questions

Popular Tags

Trending Questions