-
Notifications
You must be signed in to change notification settings - Fork 216
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf_prog_query(BPF_CGROUP_DEVICE) failed #154
Comments
Could this be related to #151? |
This is strange indeed, as docker certainly should have applied a set of device filters before |
That said, I'm not that familiar with LXC (and how one can create LXC containers using the docker command line as you show). Could you give a more complete example of how to reproduce this? |
I am also running into this error. It appeared after I enabled cgroups v2. I set the kernel Originally, I was getting an error like this:
After adding the kernel param, updating and rebooting, I now get
|
To follow-up, the issue disappears if I toggle the |
@Scronkfinkle we released an updated version of the NVIDIA Container Toolkit (including |
I don't think updating to A similar bug was address by |
@elezar for what it's worth, I am running 1.8.1
@klueska when you say "just a lack of documentation on how to run with rootless", do you mean that an undocumented solution exists, or instead that it's undocumented that one cannot run rootless docker with |
Just wanted to add I have an almost identical configuration/setup as the OP and running into the same issue. I am running NVIDIA Container Toolkit 1.10.0. The LXC container which I am running on Debian/Proxmox is an unpriviledged one. The only solution that seems to work for now is toggle I have attached the nvidia-container-toolkit debug logs if it helps. First is with nvidia-container-toolkit_no-cgroup-true.log |
no-cgroups=true is a no-go for me as I need to run GPU container workloads using both root and rootless config on the same host. |
So... is there a solution (other than toggling off cgroups)? |
This works fine for me now. I am using cgroups v2 and both root and rootless docker on the same host. Don't take this as proof that it will work in general. Fedora 38 + docker-ce repo (v22.0.5)
|
Addendum: After upgrading to Fedora 39 it stopped working.
|
1. Issue or feature description
When trying to run a docker container with:
This is the output
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: Running hook #0:: error running hook: exit status 1, stdout: , stderr: nvidia-container-cli: mount error: failed to add device rules: unable to find any existing device filters attached to the cgroup: bpf_prog_query(BPF_CGROUP_DEVICE) failed: operation not permitted: unknown.
2. Steps to reproduce the issue
3. Information to attach (optional if deemed irrelevant)
Kernelversion
Linux 5.15.7-1-pve
in a LXC Container with Debian 10 and with cgroup2 arguments given to:
nvidia-smi output:
The text was updated successfully, but these errors were encountered: