openSUSE Leap 15.4 + LXD, nvidia GPU, "Failed to initialize NVML: Insufficient Permissions"

I am able to access my GPU in an LXD container as root, but as a normal user I am not.

Inside the container the Nvidia card has the following permissions:

ls -hal /dev/nvidia*
crw-rw---- 1 root root             195, 254 Dec 21 10:04 /dev/nvidia-modeset
crw-rw---- 1 root root             235,   0 Dec 21 10:04 /dev/nvidia-uvm
crw-rw---- 1 root root             235,   1 Dec 21 10:04 /dev/nvidia-uvm-tools
crw-rw---- 1 root systemd-timesync 195,   0 Dec 21 10:04 /dev/nvidia0
crw-rw---- 1 root systemd-timesync 195, 255 Dec 21 10:04 /dev/nvidiactl

And on the host:

ls -hal /dev/nvidia*
crw-rw----+ 1 root video 195, 254 Dec 20 09:39 /dev/nvidia-modeset
crw-rw----+ 1 root video 235,   0 Dec 20 09:39 /dev/nvidia-uvm
crw-rw----+ 1 root video 235,   1 Dec 20 09:39 /dev/nvidia-uvm-tools
crw-rw----+ 1 root video 195,   0 Dec 20 09:39 /dev/nvidia0
crw-rw----+ 1 root video 195, 255 Dec 20 09:39 /dev/nvidiactl

Is there a way to tell LXD to set the same permissions for the device? If not, what should I read to learn how to solve this? The system obviously expects root permissions to use the device inside the container and on the host it wants users to be in the video group. I have never had to change permissions on anything in /dev before, but this is my first time using an Nvidia Quadro card.
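
Added example, not part of the original post: the owner/group/other permission check applied to the two listings above, showing which device nodes a normal user in the video group is refused inside the container and on the host. The user name alice, her group list and the function name denied_nodes are hypothetical.

```shell
#!/bin/sh
# Sample data: the two `ls -hal /dev/nvidia*` listings quoted in the post.
CONTAINER_LS='crw-rw---- 1 root root             195, 254 Dec 21 10:04 /dev/nvidia-modeset
crw-rw---- 1 root root             235,   0 Dec 21 10:04 /dev/nvidia-uvm
crw-rw---- 1 root root             235,   1 Dec 21 10:04 /dev/nvidia-uvm-tools
crw-rw---- 1 root systemd-timesync 195,   0 Dec 21 10:04 /dev/nvidia0
crw-rw---- 1 root systemd-timesync 195, 255 Dec 21 10:04 /dev/nvidiactl'
HOST_LS='crw-rw----+ 1 root video 195, 254 Dec 20 09:39 /dev/nvidia-modeset
crw-rw----+ 1 root video 235,   0 Dec 20 09:39 /dev/nvidia-uvm
crw-rw----+ 1 root video 235,   1 Dec 20 09:39 /dev/nvidia-uvm-tools
crw-rw----+ 1 root video 195,   0 Dec 20 09:39 /dev/nvidia0
crw-rw----+ 1 root video 195, 255 Dec 20 09:39 /dev/nvidiactl'

# denied_nodes USER "GROUP ..." : read `ls -l` lines on stdin and print each
# path USER cannot open read/write under the classic owner/group/other check.
# ACL entries (the trailing "+" on the host listing) are not evaluated.
denied_nodes() {
    dn_user=$1
    dn_groups=$2
    while read -r dn_mode dn_links dn_owner dn_group dn_rest; do
        [ -n "$dn_mode" ] || continue
        dn_path=${dn_rest##* }          # last field is the device path
        dn_ok=0
        if [ "$dn_user" = "$dn_owner" ]; then
            # owner bits are characters 2-3 of the mode string
            case $dn_mode in ?rw*) dn_ok=1 ;; esac
        else
            case " $dn_groups " in
                # group bits (5-6) apply only if the user is in the node's group
                *" $dn_group "*) case $dn_mode in ????rw*) dn_ok=1 ;; esac ;;
                # otherwise the "other" bits (8-9) decide
                *)               case $dn_mode in ???????rw*) dn_ok=1 ;; esac ;;
            esac
        fi
        [ "$dn_ok" = 1 ] || printf '%s\n' "$dn_path"
    done
}

# "alice" and her groups are hypothetical: a normal user in the video group.
echo "container, denied for alice:"
printf '%s\n' "$CONTAINER_LS" | denied_nodes alice "users video"
echo "host, denied for alice:"
printf '%s\n' "$HOST_LS" | denied_nodes alice "users video"
```

Inside the container none of the nodes carry the video group and the "other" bits are empty, so group membership that works on the host grants nothing there.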

Are you using nvidia.runtime=true?

No, I have not set that flag. For the time being I have just run chown root:video on the video devices, but that isn’t persistent. Will I need to install nvidia runtime on the host, in the container, or both?

lxc config set NAME nvidia.runtime=true

If using the snap package, then you don’t have to install anything on the host to use it.
If using a native package (as it sounds like you may be), you’ll likely need to install a suitable package of the nvidia-container-cli tool.

I’m asking about that option because it uses a completely different path to handle some of those devices and also comes with the convenient advantage of not having to install the drivers and libraries inside of the container.