Check accept-nvidia-visible-devices-envvar-when-unprivileged option for CDI

Signed-off-by: Evan Lezar <elezar@nvidia.com>
Evan Lezar 2023-03-09 11:15:34 +02:00
parent 154cd4ecf3
commit 973e7bda5e


@ -37,7 +37,7 @@ type cdiModifier struct {
// CDI specifications available on the system. The NVIDIA_VISIBLE_DEVICES enviroment variable is // CDI specifications available on the system. The NVIDIA_VISIBLE_DEVICES enviroment variable is
// used to select the devices to include. // used to select the devices to include.
func NewCDIModifier(logger *logrus.Logger, cfg *config.Config, ociSpec oci.Spec) (oci.SpecModifier, error) { func NewCDIModifier(logger *logrus.Logger, cfg *config.Config, ociSpec oci.Spec) (oci.SpecModifier, error) {
devices, err := getDevicesFromSpec(logger, ociSpec, cfg.NVIDIAContainerRuntimeConfig.Modes.CDI.DefaultKind) devices, err := getDevicesFromSpec(logger, ociSpec, cfg)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to get required devices from OCI specification: %v", err) return nil, fmt.Errorf("failed to get required devices from OCI specification: %v", err)
} }
@ -61,7 +61,7 @@ func NewCDIModifier(logger *logrus.Logger, cfg *config.Config, ociSpec oci.Spec)
return m, nil return m, nil
} }
func getDevicesFromSpec(logger *logrus.Logger, ociSpec oci.Spec, defaultKind string) ([]string, error) { func getDevicesFromSpec(logger *logrus.Logger, ociSpec oci.Spec, cfg *config.Config) ([]string, error) {
rawSpec, err := ociSpec.Load() rawSpec, err := ociSpec.Load()
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to load OCI spec: %v", err) return nil, fmt.Errorf("failed to load OCI spec: %v", err)
@ -75,17 +75,17 @@ func getDevicesFromSpec(logger *logrus.Logger, ociSpec oci.Spec, defaultKind str
return annotationDevices, nil return annotationDevices, nil
} }
image, err := image.NewCUDAImageFromSpec(rawSpec) container, err := image.NewCUDAImageFromSpec(rawSpec)
if err != nil { if err != nil {
return nil, err return nil, err
} }
envDevices := image.DevicesFromEnvvars(visibleDevicesEnvvar) envDevices := container.DevicesFromEnvvars(visibleDevicesEnvvar)
var devices []string var devices []string
seen := make(map[string]bool) seen := make(map[string]bool)
for _, name := range envDevices.List() { for _, name := range envDevices.List() {
if !cdi.IsQualifiedName(name) { if !cdi.IsQualifiedName(name) {
name = fmt.Sprintf("%s=%s", defaultKind, name) name = fmt.Sprintf("%s=%s", cfg.NVIDIAContainerRuntimeConfig.Modes.CDI.DefaultKind, name)
} }
if seen[name] { if seen[name] {
logger.Debugf("Ignoring duplicate device %q", name) logger.Debugf("Ignoring duplicate device %q", name)
@ -94,6 +94,16 @@ func getDevicesFromSpec(logger *logrus.Logger, ociSpec oci.Spec, defaultKind str
devices = append(devices, name) devices = append(devices, name)
} }
if len(devices) == 0 {
return nil, nil
}
if cfg.AcceptEnvvarUnprivileged || image.IsPrivileged(rawSpec) {
return devices, nil
}
logger.Warningf("Ignoring devices specified in NVIDIA_VISIBLE_DEVICES: %v", devices)
return devices, nil return devices, nil
} }
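Review bot: The new privilege gate at the end of getDevicesFromSpec does not change what is returned. As rendered here, the line after `logger.Warningf("Ignoring devices specified in NVIDIA_VISIBLE_DEVICES: %v", devices)` is still the unchanged `return devices, nil`. An unprivileged container would therefore still get the devices named in NVIDIA_VISIBLE_DEVICES when `cfg.AcceptEnvvarUnprivileged` is false, and the option would give no protection in CDI mode. The final return should be `return nil, nil` so the behaviour matches the warning, with a test covering the unprivileged, option-disabled case. The earlier `return annotationDevices, nil` path also bypasses this check; if that is intentional because annotations are presumably set by the runtime caller rather than the image, a short comment saying so would help.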