[Bug 2045768] Re: Proposal to Assign a Fixed Group ID to the render Group

Stanley Phoong 2045768 at bugs.launchpad.net
Tue Dec 12 18:16:33 UTC 2023 

Thank you Robie, I have submitted the bug report to Debian to follow up
with them about this issue.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500

** Bug watch added: Debian Bug tracker #1058500
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058500

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-passwd in Ubuntu.
https://bugs.launchpad.net/bugs/2045768

Title:
  Proposal to Assign a Fixed Group ID to the render Group

Status in base-passwd package in Ubuntu:
  Incomplete

Bug description:
  Problem Statement:
  The lack of a fixed Group ID (GID) for the render group in Ubuntu leads to compatibility and security challenges, particularly in environments utilizing GPU resources.

  Description:
  This proposal recommends assigning GID 59 to the render group in the base-passwd/group.master file. The initiative aims to standardize GPU resource management across installations, enhancing system security and application compatibility.

  The transition of /dev/dri/renderD* from the video to the render group
  in SystemD has led to issues due to the lack of a fixed GID for
  render. This has impacted various projects and forced the community to
  adopt workarounds.

  https://github.com/systemd/systemd/commit/4e15a7343cb389e97f3eb4f49699161862d8b8b2#diff-8a70fecf0ff724cf610bf2a50eb64d8cb310079007e56d362987c4aefd5d21bb

  Proposed Change:

      Assign GID 59 to the render group or another GID that is more
  appropriate.

  Rationale:

      Consistency: A standardized GID ensures uniform access controls across various Linux installations.
      Security: Establishes clear and predictable permissions for GPU resources, reducing the need for elevated permissions.
      Compatibility: Supports applications that depend on GPU access, avoiding conflicts and permissions issues.

  Context and Documented Issues:

      Some examples of issues around this:
      https://github.com/blakeblackshear/frigate/issues/7640
      https://unix.stackexchange.com/questions/747523/docker-permissions-issue-accessing-dev-dri-device
      https://github.com/linuxserver/docker-plex/issues/211
      https://support.xilinx.com/s/question/0D52E00006mfsHaSAI/permission-denied-when-running-hardware?language=en_US
      https://github.com/jellyfin/jellyfin/issues/9229

  Impact on Ubuntu Versions:

      This issue affects versions such as Ubuntu 20.04 and 22.04,
  particularly in Docker environments where the render group is not
  consistently recognized.

  Request for Feedback:

      Seeking feedback and discussion from the Ubuntu community and
  maintainers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/2045768/+subscriptions

More information about the foundations-bugs mailing list