From 65ef5e38dd7194ce2153639cdb793fd7ab745c28 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Fri, 10 Jan 2025 10:25:56 +0100 Subject: [PATCH 1/4] [no-relnote] Sort feature flags Signed-off-by: Evan Lezar --- internal/config/features.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/config/features.go b/internal/config/features.go index b418daef..396e0b8c 100644 --- a/internal/config/features.go +++ b/internal/config/features.go @@ -18,13 +18,13 @@ package config // features specifies a set of named features. type features struct { - // DisableImexChannelCreation ensures that the implicit creation of - // requested IMEX channels is skipped when invoking the nvidia-container-cli. - DisableImexChannelCreation *feature `toml:"disable-imex-channel-creation,omitempty"` // AllowLDConfigFromContainer allows non-host ldconfig paths to be used. // If this feature flag is not set to 'true' only host-rooted config paths // (i.e. paths starting with an '@' are considered valid) AllowLDConfigFromContainer *feature `toml:"allow-ldconfig-from-container,omitempty"` + // DisableImexChannelCreation ensures that the implicit creation of + // requested IMEX channels is skipped when invoking the nvidia-container-cli. + DisableImexChannelCreation *feature `toml:"disable-imex-channel-creation,omitempty"` } type feature bool From f2b3e8d3818af5d9f4eb3e56ca52da014970bc6f Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Fri, 10 Jan 2025 10:44:11 +0100 Subject: [PATCH 2/4] Disable mounting of compat libs from container This change passes the --no-cntlibs argument to the nvidia-container-cli from the nvidia-container-runtime-hook to disable overwriting host drivers with the compat libs from a container being started. Note that this may be a breaking change for some applications. Signed-off-by: Evan Lezar --- cmd/nvidia-container-runtime-hook/main.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/nvidia-container-runtime-hook/main.go b/cmd/nvidia-container-runtime-hook/main.go index cf2322ef..c9380800 100644 --- a/cmd/nvidia-container-runtime-hook/main.go +++ b/cmd/nvidia-container-runtime-hook/main.go @@ -114,6 +114,8 @@ func doPrestart() { } args = append(args, "configure") + args = append(args, "--no-cntlibs") + if ldconfigPath := cli.NormalizeLDConfigPath(); ldconfigPath != "" { args = append(args, fmt.Sprintf("--ldconfig=%s", ldconfigPath)) } From 2310ed76d8b67ac7477467fe3f374ff0a319b4a7 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Fri, 10 Jan 2025 10:30:39 +0100 Subject: [PATCH 3/4] Add allow-cuda-compat-libs-from-container feature flag This change adds an allow-cuda-compat-libs-from-container feature flag to the NVIDIA Container Toolkit config. This allows a user to opt-in to the previous default behaviour of overriding certain driver libraries with CUDA compat libraries from the container. Signed-off-by: Evan Lezar --- cmd/nvidia-container-runtime-hook/main.go | 5 +++-- internal/config/features.go | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cmd/nvidia-container-runtime-hook/main.go b/cmd/nvidia-container-runtime-hook/main.go index c9380800..e864a51d 100644 --- a/cmd/nvidia-container-runtime-hook/main.go +++ b/cmd/nvidia-container-runtime-hook/main.go @@ -114,8 +114,9 @@ func doPrestart() { } args = append(args, "configure") - args = append(args, "--no-cntlibs") - + if !hook.Features.AllowCUDACompatLibsFromContainer.IsEnabled() { + args = append(args, "--no-cntlibs") + } if ldconfigPath := cli.NormalizeLDConfigPath(); ldconfigPath != "" { args = append(args, fmt.Sprintf("--ldconfig=%s", ldconfigPath)) } diff --git a/internal/config/features.go b/internal/config/features.go index 396e0b8c..0d511398 100644 --- a/internal/config/features.go +++ b/internal/config/features.go @@ -18,6 +18,9 @@ package config // features specifies a set of named features. type features struct { + // AllowCUDACompatLibsFromContainer allows CUDA compat libs from a container + // to override certain driver library mounts from the host. + AllowCUDACompatLibsFromContainer *feature `toml:"allow-cuda-compat-libs-from-container,omitempty"` // AllowLDConfigFromContainer allows non-host ldconfig paths to be used. // If this feature flag is not set to 'true' only host-rooted config paths // (i.e. paths starting with an '@' are considered valid) From 07f45ea74f7415078befd2509f14222082bf8ca2 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 15 Jan 2025 13:31:58 +0100 Subject: [PATCH 4/4] Bump libnvidia-container to f23e5e55 Signed-off-by: Evan Lezar --- third_party/libnvidia-container | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/libnvidia-container b/third_party/libnvidia-container index 16f37fca..f23e5e55 160000 --- a/third_party/libnvidia-container +++ b/third_party/libnvidia-container @@ -1 +1 @@ -Subproject commit 16f37fcafcbdaf67525135104d60d98d36688ba9 +Subproject commit f23e5e55ea27b3680aef363436d4bcf7659e0bfc