debian/ubuntu may need privileged to share /dev/dri, crashes on chromebook without it

[ericcurtin]

No description provided.

[rhatdan]

Privileged container or to run as root?

[ericcurtin]

I think the fix for this is just to add a "--privileged" option to RamaLama for these kinda platforms.

[ericcurtin]

The ChromeOS Linux environment is a Debian-based environment and needs this. To be fair the ChromeOS environment is:

ChromeOS Linux Distro->crosvm->some other Linux Distro->lxc/lxd->Debian->podman (via RamaLama)->ubi9

so it's a lot of layers, but it works! Sometimes it needs "--privileged" and sometimes it doesn't oddly enough (today it's fine, but other days I boot it up and it needs "--privileged" to access /dev/dri).

[ericcurtin]

It's probably a ChromeOS bug at the root, but still a --privileged option would do no harm, always off by default

[ericcurtin]

It's a rootless podman container I was using on ChromeOS

[ericcurtin]

We will actually be Android compatible in the next release of Android also

[ericcurtin]

Google are currently porting this Linux guest VM ChromeOS environment to Android

[ericcurtin]

#572

[rhatdan]

Not sure why this would be fixed by --privileged. We already disable SELinux.

The only reason that I know of for /dev/dri not being accessible would be DAC (UID/Permissions) not being correct, and --privileged would not fix this.

If we got into this situation, I would like to debug what is actually the problem.

[ericcurtin]

Not sure why this would be fixed by --privileged. We already disable SELinux.

The only reason that I know of for /dev/dri not being accessible would be DAC (UID/Permissions) not being correct, and --privileged would not fix this.

If we got into this situation, I would like to debug what is actually the problem.

It maybe ChromeOS-specific, --privileged does fix it, whatever it is. Anything I should paste here next time I see it?

[rhatdan]

I would want to see the ownership of /dev/dri
ls -lZ /dev/dri