Merge commit from fork

Disable mounting of compat libs from container by default
NVIDIA · Jan 23, 2025 · 7ae5c29 · 7ae5c29
2 parents c22f3bd + 6b23674
commit 7ae5c29
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/cmd/nvidia-container-runtime-hook/main.go b/cmd/nvidia-container-runtime-hook/main.go
@@ -114,6 +114,9 @@ func doPrestart() {
 	}
 	args = append(args, "configure")
 
+	if !hook.Features.AllowCUDACompatLibsFromContainer.IsEnabled() {
+		args = append(args, "--no-cntlibs")
+	}
 	if ldconfigPath := cli.NormalizeLDConfigPath(); ldconfigPath != "" {
 		args = append(args, fmt.Sprintf("--ldconfig=%s", ldconfigPath))
 	}

diff --git a/internal/config/features.go b/internal/config/features.go
@@ -18,6 +18,9 @@ package config
 
 // features specifies a set of named features.
 type features struct {
+	// AllowCUDACompatLibsFromContainer allows CUDA compat libs from a container
+	// to override certain driver library mounts from the host.
+	AllowCUDACompatLibsFromContainer *feature `toml:"allow-cuda-compat-libs-from-container,omitempty"`
 	// AllowLDConfigFromContainer allows non-host ldconfig paths to be used.
 	// If this feature flag is not set to 'true' only host-rooted config paths
 	// (i.e. paths starting with an '@' are considered valid)

diff --git a/third_party/libnvidia-container b/third_party/libnvidia-container
+5 −0		src/cli/configure.c
+5 −0		src/cli/list.c
+3 −3		src/nvc_container.c