Works rootless on Ubuntu 18.  Does not work rootless on CentOS 7...how come?

Lou.

On Tue, Oct 15, 2019 at 9:15 AM Giuseppe Scrivano <gscrivan@redhat.com> wrote:
Lou DeGenaro <lou.degenaro@gmail.com> writes:

> [37mDEBU [0m[0010] Received container pid: -1                   
> [37mDEBU [0m[0010] Cleaning up container 75bb8e197bea3d0c56f5060ab5e1388a1bdcab354e9820bd5554d3bf273a54d8
> [37mDEBU [0m[0010] Network is already cleaned up, skipping...   
> [37mDEBU [0m[0010] unmounted container "75bb8e197bea3d0c56f5060ab5e1388a1bdcab354e9820bd5554d3bf273a54d8"
> [37mDEBU [0m[0010] Cleaning up container 75bb8e197bea3d0c56f5060ab5e1388a1bdcab354e9820bd5554d3bf273a54d8
> [37mDEBU [0m[0010] Network is already cleaned up, skipping...   
> [37mDEBU [0m[0010] Container 75bb8e197bea3d0c56f5060ab5e1388a1bdcab354e9820bd5554d3bf273a54d8 storage is already unmounted, skipping...
> [37mDEBU [0m[0010] Container 75bb8e197bea3d0c56f5060ab5e1388a1bdcab354e9820bd5554d3bf273a54d8 storage is already unmounted, skipping...
> [31mERRO [0m[0010] container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"process_linux.go:413: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr:
> nvidia-container-cli: mount error: open failed: /sys/fs/cgroup/devices/user.slice/devices.allow: permission denied\\\\n\\\"\""

looks like the NVIDIA OCI hook tries to handle the devices cgroup for
the container.  As rootless user you have not enough privileges for
doing that.

Giuseppe