diff --git a/cmd/nvidia-container-runtime-hook/main.go b/cmd/nvidia-container-runtime-hook/main.go
index cf2322ef..e864a51d 100644
--- a/cmd/nvidia-container-runtime-hook/main.go
+++ b/cmd/nvidia-container-runtime-hook/main.go
@@ -114,6 +114,9 @@ func doPrestart() {
 	}
 	args = append(args, "configure")
 
+	if !hook.Features.AllowCUDACompatLibsFromContainer.IsEnabled() {
+		args = append(args, "--no-cntlibs")
+	}
 	if ldconfigPath := cli.NormalizeLDConfigPath(); ldconfigPath != "" {
 		args = append(args, fmt.Sprintf("--ldconfig=%s", ldconfigPath))
 	}
diff --git a/internal/config/features.go b/internal/config/features.go
index 396e0b8c..0d511398 100644
--- a/internal/config/features.go
+++ b/internal/config/features.go
@@ -18,6 +18,9 @@ package config
 
 // features specifies a set of named features.
 type features struct {
+	// AllowCUDACompatLibsFromContainer allows CUDA compat libs from a container
+	// to override certain driver library mounts from the host.
+	AllowCUDACompatLibsFromContainer *feature `toml:"allow-cuda-compat-libs-from-container,omitempty"`
 	// AllowLDConfigFromContainer allows non-host ldconfig paths to be used.
 	// If this feature flag is not set to 'true' only host-rooted config paths
 	// (i.e. paths starting with an '@' are considered valid)
diff --git a/third_party/libnvidia-container b/third_party/libnvidia-container
index 16f37fca..f23e5e55 160000
--- a/third_party/libnvidia-container
+++ b/third_party/libnvidia-container
@@ -1 +1 @@
-Subproject commit 16f37fcafcbdaf67525135104d60d98d36688ba9
+Subproject commit f23e5e55ea27b3680aef363436d4bcf7659e0bfc