nvidia-container-toolkit

UniqAI/nvidia-container-toolkit

Fork 0

mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-06-09 16:18:01 +00:00

Commit Graph

Author	SHA1	Message	Date
Evan Lezar	ec29b602c3	Run update-ldcache in isolated namespaces This change uses the reexec package to run the update of the ldcache in a container in a process with isolated namespaces. Since the hook is invoked as a createContainer hook, these namespaces are cloned from the container's namespaces. In the reexec handler, we further isolate the proc filesystem, mount the host ldconfig to a tmpfs, and pivot into the containers root. Signed-off-by: Evan Lezar <elezar@nvidia.com>	2025-05-15 12:45:49 +02:00
Christopher Desiniotis	7e0cd45b1c	Check for valid paths in create-symlinks hook This change updates the create-symlinks hook to always evaluate link paths in the container's root filesystem. In addition the executable is updated to return an error if a link could not be created. Signed-off-by: Christopher Desiniotis <cdesiniotis@nvidia.com>	2024-10-29 12:16:51 -07:00

Author

SHA1

Message

Date

Evan Lezar

ec29b602c3

Run update-ldcache in isolated namespaces

This change uses the reexec package to run the update of the
ldcache in a container in a process with isolated namespaces.
Since the hook is invoked as a createContainer hook, these
namespaces are cloned from the container's namespaces.

In the reexec handler, we further isolate the proc filesystem,
mount the host ldconfig to a tmpfs, and pivot into the containers
root.

Signed-off-by: Evan Lezar <elezar@nvidia.com>

2025-05-15 12:45:49 +02:00

Christopher Desiniotis

7e0cd45b1c

Check for valid paths in create-symlinks hook

This change updates the create-symlinks hook to always evaluate
link paths in the container's root filesystem. In addition the
executable is updated to return an error if a link could not
be created.

Signed-off-by: Christopher Desiniotis <cdesiniotis@nvidia.com>

2024-10-29 12:16:51 -07:00

2 Commits