[Touch-packages] [Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group
** Changed in: base-passwd (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/2045768 Title: Proposal to Assign a Fixed Group ID to the render Group Status in base-passwd package in Ubuntu: Incomplete Status in base-passwd package in Debian: New Bug description: Problem Statement: The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources. Description: This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility. The transition of /dev/dri/renderD* from the video to the render group in SystemD has led to issues due to the lack of a fixed GID for render. This has impacted various projects and forced the community to adopt workarounds. https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb Proposed Change: Assign GID 59 to the render group or another GID that is more appropriate. Rationale: Consistency: A standardized GID ensures uniform access controls across various Linux installations. Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions. Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues. Context and Documented Issues: Some examples of issues around this: https://github.com/blakeblackshear/frigate/issues/7640 https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device https://github.com/linuxserver/docker-plex/issues/211 https://support.xilinx.com/s/question/0D52E6mfsHaSAI/permission-denied-when-running-hardware?language=en_US https://github.com/jellyfin/jellyfin/issues/9229 Impact on Ubuntu Versions: This issue affects versions such as Ubuntu 20.04 and 22.04, particularly in Docker environments where the render group is not consistently recognized. Request for Feedback: Seeking feedback and discussion from the Ubuntu community and maintainers. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group
** Also affects: base-passwd (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/2045768 Title: Proposal to Assign a Fixed Group ID to the render Group Status in base-passwd package in Ubuntu: Incomplete Status in base-passwd package in Debian: Unknown Bug description: Problem Statement: The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources. Description: This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility. The transition of /dev/dri/renderD* from the video to the render group in SystemD has led to issues due to the lack of a fixed GID for render. This has impacted various projects and forced the community to adopt workarounds. https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb Proposed Change: Assign GID 59 to the render group or another GID that is more appropriate. Rationale: Consistency: A standardized GID ensures uniform access controls across various Linux installations. Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions. Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues. Context and Documented Issues: Some examples of issues around this: https://github.com/blakeblackshear/frigate/issues/7640 https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device https://github.com/linuxserver/docker-plex/issues/211 https://support.xilinx.com/s/question/0D52E6mfsHaSAI/permission-denied-when-running-hardware?language=en_US https://github.com/jellyfin/jellyfin/issues/9229 Impact on Ubuntu Versions: This issue affects versions such as Ubuntu 20.04 and 22.04, particularly in Docker environments where the render group is not consistently recognized. Request for Feedback: Seeking feedback and discussion from the Ubuntu community and maintainers. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group
Thank you Robie, I have submitted the bug report to Debian to follow up with them about this issue. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500 ** Bug watch added: Debian Bug tracker #1058500 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/2045768 Title: Proposal to Assign a Fixed Group ID to the render Group Status in base-passwd package in Ubuntu: Incomplete Bug description: Problem Statement: The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources. Description: This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility. The transition of /dev/dri/renderD* from the video to the render group in SystemD has led to issues due to the lack of a fixed GID for render. This has impacted various projects and forced the community to adopt workarounds. https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb Proposed Change: Assign GID 59 to the render group or another GID that is more appropriate. Rationale: Consistency: A standardized GID ensures uniform access controls across various Linux installations. Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions. Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues. Context and Documented Issues: Some examples of issues around this: https://github.com/blakeblackshear/frigate/issues/7640 https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device https://github.com/linuxserver/docker-plex/issues/211 https://support.xilinx.com/s/question/0D52E6mfsHaSAI/permission-denied-when-running-hardware?language=en_US https://github.com/jellyfin/jellyfin/issues/9229 Impact on Ubuntu Versions: This issue affects versions such as Ubuntu 20.04 and 22.04, particularly in Docker environments where the render group is not consistently recognized. Request for Feedback: Seeking feedback and discussion from the Ubuntu community and maintainers. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group
I don't have time to provide a fully researched answer, but I hope this will help. If you're not already familiar, I suggest you start at https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and- groups. Ubuntu cannot allocate these without potential future collision with Debian. So you should ask Debian in the first instance. I'm pretty sure I speak for Ubuntu developers when I say that this cannot be considered for Ubuntu alone without a discussion in Debian first. ** Changed in: base-passwd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-passwd in Ubuntu. https://bugs.launchpad.net/bugs/2045768 Title: Proposal to Assign a Fixed Group ID to the render Group Status in base-passwd package in Ubuntu: Incomplete Bug description: Problem Statement: The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources. Description: This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility. The transition of /dev/dri/renderD* from the video to the render group in SystemD has led to issues due to the lack of a fixed GID for render. This has impacted various projects and forced the community to adopt workarounds. https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb Proposed Change: Assign GID 59 to the render group or another GID that is more appropriate. Rationale: Consistency: A standardized GID ensures uniform access controls across various Linux installations. Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions. Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues. Context and Documented Issues: Some examples of issues around this: https://github.com/blakeblackshear/frigate/issues/7640 https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device https://github.com/linuxserver/docker-plex/issues/211 https://support.xilinx.com/s/question/0D52E6mfsHaSAI/permission-denied-when-running-hardware?language=en_US https://github.com/jellyfin/jellyfin/issues/9229 Impact on Ubuntu Versions: This issue affects versions such as Ubuntu 20.04 and 22.04, particularly in Docker environments where the render group is not consistently recognized. Request for Feedback: Seeking feedback and discussion from the Ubuntu community and maintainers. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
