https://bugzilla.novell.com/show_bug.cgi?id=879767
https://bugzilla.novell.com/show_bug.cgi?id=879767#c4
--- Comment #4 from Daniel Dadap 2014-05-27 18:18:07 UTC ---
CUDA doesn't need root. It needs the nvidia.ko and nvidia-uvm.ko kernel modules
to be loaded, and it needs the /dev/nvidia$gpu, /dev/nvidiactl, and
/dev/nvidia-uvm device files to be created, and it needs r/w access to those
device files. As long as a user with sufficient privileges takes care of these
requirements ahead of time, any user that can read from and write to those
files will be able to use CUDA applications.
nvidia-modprobe was designed to allow non-privileged users to load and create
the NVIDIA modules and device files in a distro-agnostic fashion. Some distros
have adopted nvidia-modprobe, but in general we expected that many distros
would want to solve these problems in their own, distro-specific ways. If
nvidia-modprobe cannot be made suid root, then it's pretty pointless to package
it, since superusers can already load modules and create device files without
the help of nvidia-modprobe, and in the absence of the nvidia-modprobe binary,
CUDA programs will still be able to load the modules and create the device
files when run as root.
If nvidia-modprobe is not installed or is installed as a non-suid-root binary,
then other means will be needed to ensure that the nvidia-uvm module be loaded
and the nvidia-uvm device file created before starting an unprivileged CUDA
program. Normally I would recommend doing the same thing that is done for the
nvidia kernel module and the other device files, but I can't see anything in
the SUSE RPM packages that explicitly loads that module or creates those device
files. I presume that the SUSE driver package relies on X (which runs suid
root) for this, which won't be sufficient for CUDA, since the NVIDIA X driver
does not depend on nvidia-uvm. I don't have any specific suggestions, but udev
rules and init scripts are some ways that the module loading and device file
creation can be taken care of without using nvidia-modprobe.
If you would like to adopt nvidia-modprobe, but have security concerns which
prevent you from installing it suid root as intended, feel free to audit the
source[1], and report any issues you find to unix-security@nvidia.com.
[1] https://github.com/nvidia/nvidia-modprobe
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.