On 09/05/18 18:10, Mike Gilbert wrote:
> On Wed, May 9, 2018 at 12:34 PM, Matt Turner <matts...@gentoo.org> wrote:
>> On Tue, May 8, 2018 at 11:51 PM, Dennis Schridde <devuran...@gmx.net> wrote:
>>> Hello!
>>>
>>> I see sandbox violations similar to
>>> "ACCESS DENIED: open_wr: /dev/dri/renderD128" pop up for more and more
>>> packages, probably since OpenCL becomes used more widely.  Hence I would
>>> like to ask: Could we in Gentoo treat GPUs just like CPUs and allow any
>>> process to access render nodes (i.e. the GPU's compute capabilities via the
>>> specific interface the Linux kernel's DRM offers for that purpose) without
>>> sandbox restrictions?
>>>
>>> --Dennis
>>>
>>> See-Also: https://bugs.gentoo.org/654216
>> This seems like a bad idea. With CPUs we've had decades to work out
>> how to isolate processes and prevent them from taking down the system.
>>
>> GPUs are not there yet. It's simple to trigger an unrecoverable GPU
>> hang and not much harder to turn it into a full system lock up.
>>
>> This is not safe.
>>
> It's worth noting that the default rules shipped with udev assign mode
> 0666 to the /dev/dri/renderD* device nodes. So, outside of a sandbox
> environment, any user may access these devices.
>
> This was merged as part of this PR: 
> https://github.com/systemd/systemd/pull/7112
>
How does that pan out for other init systems?
