OKD 3.11 selinux version broken?

[SteffenSeckler]

Wasn't able to get the new SELinux based version running. I ran into the following problems, when trying to get it started. Apparently some selinux error (running in project kube-system):

container_linux.go:247: starting container process caused "process_linux.go:364: container init caused \"write /proc/self/task/1/attr/exec: invalid argument\""

ls -dZ /dev/nvidia*

crw-rw-rw-. root root system_u:object_r:container_file_t:s0 /dev/nvidia0
crw-rw-rw-. root root system_u:object_r:container_file_t:s0 /dev/nvidiactl
crw-rw-rw-. root root system_u:object_r:container_file_t:s0 /dev/nvidia-modeset
crw-rw-rw-. root root system_u:object_r:container_file_t:s0 /dev/nvidia-uvm
crw-rw-rw-. root root system_u:object_r:container_file_t:s0 /dev/nvidia-uvm-tools

The old serviceaccount/scc based version is running fine.

System

OKD v3.11 CentOS 7.6.1810

[jeremyeder]

We have updated instructions for 3.11 that include some simplification in this area. @zvonkok are they ready to be posted?

[SteffenSeckler]

any update here?

[SteffenSeckler]

don't want to be impatient, but do you have those instructions available? would also volunteer to test, if the need is there ;) @jeremyeder @zvonkok

[rob-baron]

I am getting the same error when I try to run a GPU enabled container in OpenShift.

Is there a work-a-round or instructions available?

[SteffenSeckler]

don't use the current master, 229513e3c086d1dcb59b2dc741ab9898208b7137 still works (at least somehow). afterwards they have changed a few things to switch to selinux, but never updated or published the appropriate documentation for that...

[zvonkok]

Here are updated instructions on how to use GPUs with 3.11

https://github.com/zvonkok/origin-ci-gpu/blob/release-3.11/doc/How%20to%20use%20GPUs%20with%20DevicePlugin%20in%20OpenShift%203.11%20.pdf