On Wed, Aug 14, 2019 at 05:11:02PM +0200, Nicolas FOURNIALS wrote: > Hi, > > Le 14/08/2019 à 16:35, Andreas Haupt a écrit : > > Preventing access to the 'wrong' gpu devices by "malicious jobs" is not > > that easy. An idea could be to e.g. play with device permissions. > > That's what we do by having /dev/nvidia[0-n] files owned by root and with > permissions 660. > Prolog (executed as root) changes the file owner to give it to the user > running the job. Epilog gives the file back to root. We do something similar but change the group of the device to match the one assigned to the job. This allows for multiple jobs from the same user without interference. You have to set a magic kernel option to prevent ther permissions on the device files from auto-changing.
William
signature.asc
Description: PGP signature
_______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users
