[Devel] https://bugs.openvz.org/browse/OVZ-6834 CUDA in container

Andrey Ryabinin aryabinin at virtuozzo.com
Tue Dec 13 06:57:28 PST 2016 

On 12/12/2016 03:58 PM, Thomas Hoberg wrote:
> Hi Andrey,
> 
> I'm very sorry to contact you directly, but I've run out of options to help myself.
> 
> I am trying to get CUDA programs to run inside OpenVZ containers (they already run on Docker containers on the host) and my problem is that the NVidia runtime library is looking at files in the /proc directory at startup, which are supressed in OpenVZ containers.
> 
> You have implemented a fix to make /proc/modules visible (thank you!), but immediately afterwards the runtime wants to see the contents of '/proc/driver/nvidia/params', and potentially more files inside that directory.
> 
> I've tried to find and fix the visibility myself, but I can't find where you implemented the /proc/modules patch.
> 
> The public git repository doesn't yet contain the patch (for easy comparison) and while I've downloaded the patched kernel from your build factory (https://download.openvz.org/virtuozzo/factory/x86_64/os/Packages/v/) and looked through all kernel sources which I thought could possibly contain the patch, it has eluded me.
> 

You can find all patches in devel at openvz.org mailing list archives: https://lists.openvz.org/pipermail/devel/2016-November/069624.html

> So could you either include a patch to make /proc/driver visible or help me find the patch for /proc/modules so I can try myself?
> 

Access to proc directories is slightly different. We show directory in container iff it sticky bit is set.
You can set sticky bit via chmod (it's forbidden for proc entries in OpenVZ kernel, I dunno why),
but you can change the source like this:

diff --git a/fs/proc/root.c b/fs/proc/root.c
index 88be7c2..2a0bd71 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -185,7 +185,7 @@ void __init proc_root_init(void)
 	proc_mkdir_mode("sysvipc", S_ISVTX | S_IRUGO | S_IXUGO, NULL);
 #endif
 	proc_mkdir_mode("fs", S_ISVTX | S_IRUGO | S_IXUGO, NULL);
-	proc_mkdir("driver", NULL);
+	proc_mkdir_mode("driver", S_ISVTX, NULL);
 	/* somewhere for the nfsd filesystem to be mounted */
 	proc_mkdir_mode("fs/nfsd", S_ISVTX | S_IRUGO | S_IXUGO, NULL);
 #if defined(CONFIG_SUN_OPENPROMFS) || defined(CONFIG_SUN_OPENPROMFS_MODULE)
-- 


The patch above will allow you to see /proc/driver in container. Obviously you may need to do the same for nvidia directory.
Have fun!


> I've added comments to the Bugs/Jira and on the Support forum, but I could not see any reaction which is why I am contacting you directly.
> 
> I'm very sorry to bother you like this and I hope you'll forgive me just this once.
> 
> Please let me know where I should have gone differently in the normal process to get this fixed.
> 
> 
> Kind regards, Thomas
>

More information about the Devel mailing list