From bc9180b59d064204be76c78aa1435e957a928b35 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Wed, 18 Sep 2024 22:20:56 +0200
Subject: [PATCH 1/2] Expose opt-in features in toolkit-container

This change enables opt-in (off-by-default) features to be opted into.
These features can be toggled by name by specifying the (repeated)
--opt-in-features command line argument or as a comma-separated list
in the NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES environment variable.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 tools/container/toolkit/toolkit.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/container/toolkit/toolkit.go b/tools/container/toolkit/toolkit.go
index 937798e6..43e68ca5 100644
--- a/tools/container/toolkit/toolkit.go
+++ b/tools/container/toolkit/toolkit.go
@@ -79,6 +79,8 @@ type Options struct {
 	acceptNVIDIAVisibleDevicesAsVolumeMounts   bool
 
 	ignoreErrors bool
+
+	optInFeatures cli.StringSlice
 }
 
 func Flags(opts *Options) []cli.Flag {
@@ -202,6 +204,12 @@ func Flags(opts *Options) []cli.Flag {
 			Destination: &opts.createDeviceNodes,
 			EnvVars:     []string{"CREATE_DEVICE_NODES"},
 		},
+		&cli.StringSliceFlag{
+			Name:        "opt-in-features",
+			Hidden:      true,
+			Destination: &opts.optInFeatures,
+			EnvVars:     []string{"NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES"},
+		},
 	}
 
 	return flags
@@ -457,6 +465,10 @@ func installToolkitConfig(c *cli.Context, toolkitConfigPath string, nvidiaContai
 		configValues["nvidia-container-runtime.runtimes"] = toolkitRuntimeList
 	}
 
+	for _, optInFeature := range opts.optInFeatures.Value() {
+		configValues["features."+optInFeature] = true
+	}
+
 	for key, value := range configValues {
 		cfg.Set(key, value)
 	}
@@ -471,6 +483,7 @@ func installToolkitConfig(c *cli.Context, toolkitConfigPath string, nvidiaContai
 		"nvidia-container-runtime.runtimes":                      opts.ContainerRuntimeRuntimes,
 		"nvidia-container-cli.debug":                             opts.ContainerCLIDebug,
 	}
+
 	for key, value := range optionalConfigValues {
 		if !c.IsSet(key) {
 			log.Infof("Skipping unset option: %v", key)

From 457d71c170e20fa4497d46d012c84cd759687aa4 Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Mon, 14 Oct 2024 13:49:47 +0200
Subject: [PATCH 2/2] Add disable-imex-channel-creation feature flag

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 cmd/nvidia-container-runtime-hook/main.go | 3 +++
 internal/config/features.go               | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/cmd/nvidia-container-runtime-hook/main.go b/cmd/nvidia-container-runtime-hook/main.go
index faaf0b51..1f4bd525 100644
--- a/cmd/nvidia-container-runtime-hook/main.go
+++ b/cmd/nvidia-container-runtime-hook/main.go
@@ -95,6 +95,9 @@ func doPrestart() {
 	if cli.LoadKmods {
 		args = append(args, "--load-kmods")
 	}
+	if hook.Features.DisableImexChannelCreation.IsEnabled() {
+		args = append(args, "--no-create-imex-channels")
+	}
 	if cli.NoPivot {
 		args = append(args, "--no-pivot")
 	}
diff --git a/internal/config/features.go b/internal/config/features.go
index f92ca99e..80d3c95a 100644
--- a/internal/config/features.go
+++ b/internal/config/features.go
@@ -18,6 +18,9 @@ package config
 
 // features specifies a set of named features.
 type features struct {
+	// DisableImexChannelCreation ensures that the implicit creation of
+	// requested IMEX channels is skipped when invoking the nvidia-container-cli.
+	DisableImexChannelCreation *feature `toml:"disable-imex-channel-creation,omitempty"`
 }
 
 //nolint:unused