UniqAI/nvidia-container-toolkit
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-06-26 18:18:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update ipcMount to add noexec option

Browse Source 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This commit is contained in:
Evan Lezar
2023-02-07 12:11:02 +01:00
parent 33c7b056ea
commit 076eed7eb4
3 changed files with 69 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/nvidia-ctk/cdi/generate/generate.go
View File

@@ -243,11 +243,6 @@ func (m command) generateSpec(driverRoot string, nvidiaCTKPath string, namer dev
if err != nil {
return nil, fmt.Errorf("failed to create container edits for IPC sockets: %v", err)
}
// TODO: We should not have to update this after the fact
for _, s := range ipcEdits.Mounts {
s.Options = append(s.Options, "noexec")
}
allEdits.Append(ipcEdits)
common, err := NewCommonDiscoverer(m.logger, driverRoot, nvidiaCTKPath, nvmllib)