Using nvidia-docker containers as non root user

jordan.sim · November 24, 2022, 12:22am

I want to use a CUDA container in Docker as a non root user, but am running into permission problems. Here’s an example Dockerfile:

FROM nvidia/cudagl:11.2.2-runtime-ubuntu18.04

RUN useradd -ms /bin/bash testuser -G video,sudo

USER testuser
ENTRYPOINT "/bin/bash"

Running nvidia-smi gives the following error: Failed to initialize NVML: Insufficient Permissions

My application uses VirtualGL and Xvfb to render Chrome with a GPU if that’s relevant. Works perfectly fine with the root user.

jordan.sim · November 24, 2022, 3:24am

TL;DR - Check the gid of vglusers group on the host. Add this group with the gid in the container, and add the user to this group.

So investigating this a bit, I looked at the nvidia devices in the container:

root@56cef279b83f:/# cd /dev
root@56cef279b83f:/dev# ls -l | grep nvidia
crw-rw---- 1 root 1005 195,   0 Nov 23 23:13 nvidia0
crw-rw---- 1 root 1005 195, 255 Nov 23 23:13 nvidiactl
crw-rw---- 1 root 1005 195, 254 Nov 23 23:13 nvidia-modeset
crw-rw-rw- 1 root root 506,   0 Nov 23 23:13 nvidia-uvm
crw-rw-rw- 1 root root 506,   1 Nov 23 23:13 nvidia-uvm-tools

The nvidia devices belonged to a group with gid 1005. This was odd as there was no group in the container with that ID.

I went to look into the devices on the host, and as per my VGL setup, they belong to root, or the vglusers group.

(venv) jsim@goliath:/var/log$ cd /dev/
(venv) jsim@goliath:/dev$ ls -l | grep nvidia
crw-rw----   1 root vglusers 195,   0 Nov 24 10:13 nvidia0
drwxr-xr-x   2 root root           80 Nov 24 10:31 nvidia-caps
crw-rw----   1 root vglusers 195, 255 Nov 24 10:13 nvidiactl
crw-rw----   1 root vglusers 195, 254 Nov 24 10:13 nvidia-modeset
crw-rw-rw-   1 root root     506,   0 Nov 24 10:13 nvidia-uvm
crw-rw-rw-   1 root root     506,   1 Nov 24 10:13 nvidia-uvm-tools

As it turns out, vglusers has a gid of 1005!

jsim@goliath:/dev$ cat /etc/group | grep vglusers
vglusers:x:1005:jsim

So in my Dockerfile, all I had to do is add the group vglusers with gid 1005, and add my user to this group. Problem solved.

RUN groupadd -g 1005 vglusers && \
    useradd -ms /bin/bash testuser -u 1000 -g 1005 && \
    usermod -a -G video,sudo testuser

Topic		Replies	Views
nvidia-smi -----> Failed to initialize NVML: Unknown Error (in docker) CUDA Setup and Installation	4	19990	August 12, 2019
[solved - somehow] CUDA in Docker gives "Failed to initialize NVML: Unknown Error" CUDA Setup and Installation	2	2478	May 2, 2024
Failed to initialize NVML: Unknown Error when running nvidia-smi on Docker container CUDA Programming and Performance cuda , ubuntu , docker	2	10124	October 18, 2020
NVIDIA CUDA in custom docker image Docker and NVIDIA Docker	1	2351	July 7, 2020
Nvml errors when attempting to use docker with Nvidia Container Toolkit Docker and NVIDIA Docker cuda , ubuntu	1	158	November 1, 2024
Docker and nvidia-smi not working with clean install on Driver 470.14 and Insider Preview (Build 21343) Ubuntu 20.04 CUDA on Windows Subsystem for Linux	3	5470	April 17, 2021
Applications not using GPU inside docker container Docker and NVIDIA Docker	1	910	May 2, 2024
Can we install a docker image nvidia/cuda without installing anything on the host? CUDA Setup and Installation	0	1707	May 23, 2022
No gpu capabilities with docker that has cuda and a windows host that also has cuda Drivers - Linux, Windows, MacOS cuda , docker , nvidia-smi	0	495	March 13, 2024
nvidia-docker inside Kubernetes - Failed to initialize NVML: Unknown Error CUDA Setup and Installation	3	4007	January 9, 2022

Using nvidia-docker containers as non root user

Related topics