From 3056428edafa2294a39703e917e0f4eb6cd373ce Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Tue, 2 May 2023 16:28:03 +0200 Subject: [PATCH] Generate spec file with 644 permissions Signed-off-by: Evan Lezar --- CHANGELOG.md | 1 + cmd/nvidia-ctk/cdi/generate/generate.go | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 757130f1..40eaaaa9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * Add support for updating containerd configs to the `nvidia-ctk runtime configure` command. * Create file in `etc/ld.so.conf.d` with permissions `644` to support non-root containers. +* Generate CDI specification files with `644` permissions to allow rootless applications (e.g. podman) ## v1.13.1 diff --git a/cmd/nvidia-ctk/cdi/generate/generate.go b/cmd/nvidia-ctk/cdi/generate/generate.go index 6ab27b00..a81f41a5 100644 --- a/cmd/nvidia-ctk/cdi/generate/generate.go +++ b/cmd/nvidia-ctk/cdi/generate/generate.go @@ -251,6 +251,7 @@ func (m command) generateSpec(cfg *config) (spec.Interface, error) { spec.WithDeviceSpecs(deviceSpecs), spec.WithEdits(*commonEdits.ContainerEdits), spec.WithFormat(cfg.format), + spec.WithPermissions(0644), ) }