On Tue, May 22, 2012 at 2:02 PM, William Hay <[email protected]> wrote: > Well currently we have our prolog chgrp the appropriate number of > /dev/nvidia? files to the group associated with the job thereby > controlling access to GPUs.
William, That's why we are planning to support device whitelisting using the Device Whitelist Controller: http://www.kernel.org/doc/Documentation/cgroups/devices.txt Besides GPU devices, there is also the use case for whitelisting InfiniBand interfaces. > I'm currently setting up $TMPDIR as a separate tmpfs file system for > each job and am chgrping that to the job's associated group > in the process. In cgroups, there is also the namespace controller for this purpose. > In general access control for anything that looks like a file and > under unix it is alleged "everything is a file". I can see the flexiblity it brings by combining the extra GID & the "everything is a file" philosophy. Our cgroup integration code should be able to add an extra & unique GID to every job, but IMO by default Grid Engine should not attach this extra GID as it can affect applications that want to resolve GIDs - so most likely we will have an option to enable this. Rayson > > > William _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
