From 7313069d4cd8ad5a95f1636735e62cef23199cd7 Mon Sep 17 00:00:00 2001
From: Kevin Klues <kklues@nvidia.com>
Date: Thu, 23 Jul 2020 14:44:22 +0000
Subject: [PATCH] Update getDevices() to account for getting the devices list
 from mounts

Signed-off-by: Kevin Klues <kklues@nvidia.com>
---
 pkg/container_config.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/pkg/container_config.go b/pkg/container_config.go
index fdb2c822..2981647a 100644
--- a/pkg/container_config.go
+++ b/pkg/container_config.go
@@ -240,7 +240,25 @@ func getDevicesFromMounts(root string, mounts []Mount) *string {
 }
 
 func getDevices(hookConfig *HookConfig, env map[string]string, mounts []Mount, privileged bool, legacyImage bool) *string {
-	return getDevicesFromEnvvar(env, legacyImage)
+	// Try and get the device list from mount volumes first
+	devices := getDevicesFromMounts(*hookConfig.DeviceListVolumeMount, mounts)
+	if devices != nil {
+		return devices
+	}
+
+	// Fallback to reading from the environment variable if privileges are correct
+	devices = getDevicesFromEnvvar(env, legacyImage)
+	if devices == nil {
+		return nil
+	}
+	if privileged || hookConfig.AcceptEnvvarUnprivileged {
+		return devices
+	}
+
+	// Error out otherwise
+	log.Panicln("insufficient privileges to read device list from NVIDIA_VISIBLE_DEVICES envvar")
+
+	return nil
 }
 
 func getMigConfigDevices(env map[string]string) *string {