Create ld.so.conf file with permissions 644

By default, temporary files are created with permissions 600 and this means that the files created when updating the ldcache are not readable in non-root containers. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2024-11-22 08:18:32 +00:00 · 2023-04-28 13:40:06 +02:00 · 2023-04-28 13:40:06 +02:00 · d77f46aa09
commit d77f46aa09
parent 043e283db3
2 changed files with 6 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@
 ## v1.14.0-rc.1

 * Add support for updating containerd configs to the `nvidia-ctk runtime configure` command.
+* Create file in `etc/ld.so.conf.d` with permissions `644` to support non-root containers.

 ## v1.13.1

--- a/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go
+++ b/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go
@ -135,5 +135,10 @@ func (m command) createConfig(root string, folders []string) error {
 		configured[folder] = true
 	}

+	// The created file needs to be world readable for the cases where the container is run as a non-root user.
+	if err := os.Chmod(configFile.Name(), 0644); err != nil {
+		return fmt.Errorf("failed to chmod config file: %v", err)
+	}
+
 	return nil
 }