-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
question about privileged mode for labeller #59
Comments
The labeller interact with the driver to get firmware version information:
Are you saying that can be done without privileged? |
Maybe. Kubernetes takes care of mounting hostPath volumes, even a completely unprivileged pod can use a hostPath to read in /dev. If writing to the device path is required it would be a different matter. You'd think the device could expose firmware versions with only a read call. So would it work if
However the other part is that the devices are mode 660.
Why not 664 so anyone could read? |
I think 660 is the default for most device. It's not clear to me what read-only mean for a device file since it's more like a pseudo file? I can potentially just open renderD128 instead but I think the permission is still specific to the system/distro. (I just checked two system I have access to and both render and card are 660.) |
Yes I am also not sure how read/write file permissions map to the interaction with a device using a pseudo file, I guess it depends on how the device API works, in particular if the device file just exposes some readable information or if you have to send a query to it (write) to request driver information. Is there a disadvantage to read-only access of /dev/dri/renderD128 ? It looks like that is readable to everyone. If the labeller could run without privileged mode that would be a very nice improvement. |
Description of errors
Labeller daemonset is privileged: https://github.com/ROCm/k8s-device-plugin/blob/master/helm/amd-gpu/templates/labeller.yaml#L66
There is a comment: "#Needed for /dev"
Is read-only access to /dev and /sys sufficient for the labeller to detect the GPU properties?
A pod does not need to be privileged to use a hostPath volume.
What is more, a privileged pod does not need a hostPath to read /dev (it could just nsenter the mount namespace of the host).
More information about the exact requirement of the labeller could help significantly improve the security of the deployment. @y2kenny any insights?
Attach any links, screenshots, or additional evidence you think will be helpful.
No response
The text was updated successfully, but these errors were encountered: