From d80657dd0a9d1826ad884aa53ad8631f349b7597 Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Thu, 14 Dec 2023 16:49:55 -0800 Subject: [PATCH] Explicitly set ldconfig cache and config file Since the `update-ldcache` hook uses the host's `ldconfig`, the default cache and config files configured on the host will be used. If those defaults differ from what nvidia-ctk expects it to be (/etc/ld.so.cache and /etc/ld.so.conf, respectively), then the hook will fail. This change makes the call to ldconfig explicit in which cache and config files are being used. Signed-off-by: Jared Baur --- cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go b/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go index b65a01c5..55ab7116 100644 --- a/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go +++ b/cmd/nvidia-ctk/hook/update-ldcache/update-ldcache.go @@ -100,21 +100,27 @@ func (m command) run(c *cli.Context, cfg *options) error { args = append(args, "-r", containerRoot) } - if !root(containerRoot).hasPath("/etc/ld.so.cache") { + if root(containerRoot).hasPath("/etc/ld.so.cache") { + args = append(args, "-C", "/etc/ld.so.cache") + } else { m.logger.Debugf("No ld.so.cache found, skipping update") args = append(args, "-N") } folders := cfg.folders.Value() if root(containerRoot).hasPath("/etc/ld.so.conf.d") { - err = m.createConfig(containerRoot, folders) + err := m.createConfig(containerRoot, folders) if err != nil { - return fmt.Errorf("failed to update ld.so.conf: %v", err) + return fmt.Errorf("failed to update ld.so.conf.d: %v", err) } } else { args = append(args, folders...) } + // Explicitly specify using /etc/ld.so.conf since the host's ldconfig may + // be configured to use a different config file by default. + args = append(args, "-f", "/etc/ld.so.conf") + //nolint:gosec // TODO: Can we harden this so that there is less risk of command injection return syscall.Exec(ldconfigPath, args, nil) }