Ubuntu
base-passwd package

Proposal to Assign a Fixed Group ID to the render Group

Bug #2045768 reported by Stanley Phoong
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
base-passwd (Debian)
New
Unknown
base-passwd (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Problem Statement:
The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources.

Description:
This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility.

The transition of /dev/dri/renderD* from the video to the render group in SystemD has led to issues due to the lack of a fixed GID for render. This has impacted various projects and forced the community to adopt workarounds.

https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb

Proposed Change:

    Assign GID 59 to the render group or another GID that is more appropriate.

Rationale:

    Consistency: A standardized GID ensures uniform access controls across various Linux installations.
    Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions.
    Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues.

Context and Documented Issues:

    Some examples of issues around this:
    https://github.com/blakeblackshear/frigate/issues/7640
    https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device
    https://github.com/linuxserver/docker-plex/issues/211
    https://support.xilinx.com/s/question/0D52E00006mfsHaSAI/permission-denied-when-running-hardware?language=en_US
    https://github.com/jellyfin/jellyfin/issues/9229

Impact on Ubuntu Versions:

    This issue affects versions such as Ubuntu 20.04 and 22.04, particularly in Docker environments where the render group is not consistently recognized.

Request for Feedback:

    Seeking feedback and discussion from the Ubuntu community and maintainers.

Revision history for this message
Robie Basak (racb) wrote :

I don't have time to provide a fully researched answer, but I hope this will help.

If you're not already familiar, I suggest you start at https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and-groups. Ubuntu cannot allocate these without potential future collision with Debian. So you should ask Debian in the first instance.

I'm pretty sure I speak for Ubuntu developers when I say that this cannot be considered for Ubuntu alone without a discussion in Debian first.

Changed in base-passwd (Ubuntu):
status: New → Incomplete
Revision history for this message
Stanley Phoong (stanleyphoong001) wrote :

Thank you Robie, I have submitted the bug report to Debian to follow up with them about this issue.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500

Bug Watch Updater (bug-watch-updater)
Changed in base-passwd (Debian):
status: Unknown → New
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.