"NvRmMemInitNvmap failed with Permission denied" error when running nvidia-docker in rootless mode on Jetson Orin Nano

AastaLLL · March 10, 2025, 9:32am

Hi,

Sorry for the missing.
We will check this internally and provide more info to you.

Thanks.

AastaLLL · April 8, 2025, 5:37am

Hi,

Thanks for your patience.

Although we are still working on this issue, here are some updates for you.
To enable /dev/nvmap access inside the rootless container, you can set the permission like this:

Test with “test_user” user:

1. Create a group

Using “test_user_group” here:

$ sudo groupadd test_user_group
$ sudo usermod -aG test_user_group test_user
$ sudo chown root:test_user_group /dev/nvmap

Re-login or reboot and verify with:

$ cat /dev/nvmap 
cat: /dev/nvmap: Invalid argument

It’s expected to see “Invalid argument” instead of “Permission denied”, which indicates the permission has been enabled for the ‘test_user_group’.

2. Update subgid setting

In order to utilize these permissions in the rootless docker container, please also edit /etc/subgid.

Obtain group ID number, group ID is 1003 in the below use case.

$ getent group test_user_group
test_user_group:x:1003:test_user

Original /etc/subgid:

# [username:subgid_start:subgid_length]
$ cat /etc/subgid
...
test_user:165536:65536

Modify into:

# [username:subgid_start:group_id - 1, username:group_id:1, username:subgid_start + group_id + 1:subgid_length - (group_id + 1)]
$ cat /etc/subgid
...
test_user:165536:1002
test_user:1003:1
test_user:166540:64542

3. Restart the docker service

$ systemctl --user restart docker.service

4. Testing

# cat /dev/nvmap 
cat: /dev/nvmap: Invalid argument

We can access the /dev/nvmap inside the container after the above steps.
However, our container fails to initial CUDA for other permission and we are still checking on that.

Could you also give it a try in your environment as well?

Thanks.

johannes-philipp.schuerz · April 11, 2025, 11:54am

Hi,

yes I can verify that following your instructions the error changed to:

ERROR: The NVIDIA Driver is present, but CUDA failed to initialize. GPU functionality will not be available.
[[ Operation not supported (error 801) ]]

Failed to detect NVIDIA driver version.

For sake of completness I think there is an arithmetic error in the third line of the /etc/subgid file:
Following your formula it should be ‘test_user:166540:64532’ right?

I was just wondering as the rootless access to the GPU works on the “ubuntu” user, why is it necessary to give file permissions for “test_user”?

AastaLLL · April 14, 2025, 9:07am

Hi,

Sorry for the mistake.
The third line is test_user:166540:64532

The setting is to allow the rootless docker container to utilize the permissions.
Thanks.

Topic		Replies	Views
Docker on TX1 (or TX2) Jetson TX1	25	11792	October 18, 2021
[BUG] target-docker-container running cuda-samples require unintended extra permission DRIVE AGX Orin General docker	12	1514	May 30, 2023
Docker on the TX2 Jetson TX2	37	31902	October 18, 2021
Docker libv4l2: error getting capabilities DeepStream SDK	16	1260	October 8, 2022
Libnvdla_compiler.so not found (bis repetita) Jetson AGX Orin tensorrt	9	68	April 22, 2025
Rootless Podman Container - CUDA Operation Not Supported - Error Code 801 DRIVE AGX Orin General driveos-cuda	11	528	October 10, 2024
JetPack 6.3 containerd and kubernetes Jetson AGX Orin nvbugs , containers	12	776	August 22, 2024
No CUDA-capable device is detected - yolov4 TAO Toolkit	10	135	August 16, 2024
Problems with Docker version 28.0.1 on Jetson Orin NX Jetson Orin NX docker	31	1636	April 7, 2025
Cannot passthrough GPU to Kubernetes pod on the Jetson AGX Orin dev kit Jetson AGX Orin gpu , kubernetes	14	122	April 20, 2025

"NvRmMemInitNvmap failed with Permission denied" error when running nvidia-docker in rootless mode on Jetson Orin Nano

1. Create a group

2. Update subgid setting

3. Restart the docker service

4. Testing

Related topics