Only allow host-relative LDConfig paths

This change only allows host-relative LDConfig paths. An allow-ldconfig-from-container feature flag is added to allow for this the default behaviour to be changed. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2025-06-26 18:18:24 +00:00 · 2024-09-11 16:47:16 +02:00
parent c0764366d9
commit 00f1d5a627
8 changed files with 247 additions and 54 deletions
--- a/tools/container/toolkit/toolkit_test.go
+++ b/tools/container/toolkit/toolkit_test.go
@@ -161,7 +161,7 @@ kind: example.com/class
 			// Ensure that the config file has the required contents.
 			// TODO: Add checks for additional config options.
 			require.Equal(t, "/host/driver/root", cfg.NVIDIAContainerCLIConfig.Root)
-			require.Equal(t, "@/host/driver/root/sbin/ldconfig", cfg.NVIDIAContainerCLIConfig.Ldconfig)
+			require.Equal(t, "@/host/driver/root/sbin/ldconfig", string(cfg.NVIDIAContainerCLIConfig.Ldconfig))
 			require.EqualValues(t, filepath.Join(toolkitRoot, "nvidia-container-cli"), cfg.NVIDIAContainerCLIConfig.Path)
 			require.EqualValues(t, filepath.Join(toolkitRoot, "nvidia-ctk"), cfg.NVIDIACTKConfig.Path)