In CSV mode the CSV files at /etc/nvidia-container-runtime/host-files-for-container.d/
should be the source of truth for container modifications. This change skips graphics
modifications to a container. This prevents conflicts when handling files such as
vulkan icd files which are already defined in the CSV file.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change adds support for containerd configs with version=3.
From the perspective of the runtime configuration the contents of the
config are the same. This means that we just have to load the new
version and ensure that this is propagated to the generated config.
Note that v3 config also requires a switch to the 'io.containerd.cri.v1.runtime'
CRI runtime plugin. See:
https://github.com/containerd/containerd/blob/v2.0.0/docs/PLUGINS.mdhttps://github.com/containerd/containerd/issues/10132
Note that we still use a default config of version=2 since we need to
ensure compatibility with older containerd versions (1.6.x and 1.7.x).
Signed-off-by: Sam Lockart <sam.lockart@zendesk.com>
Signed-off-by: Evan Lezar <elezar@nvidia.com>
Signed-off-by: Christopher Desiniotis <cdesiniotis@nvidia.com>
This change only allows host-relative LDConfig paths.
An allow-ldconfig-from-container feature flag is added to allow for this
the default behaviour to be changed.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
For legacy images (images with a CUDA_VERSION set but no CUDA_REQUIRES set), the
default behaviour for device envvars is to treat non-existence as all.
This change ensures that the NVIDIA_IMEX_CHANNELS envvar is not treated in the same
way, instead returning no devices if the envvar is not set.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This fix ensures that the default config file path for the nvidia-ctk runtime configure
command is set consistently.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change ensures that we fall back to the previous behaviour of
reading the existing config from the specified config file if extracting
the current config from the command line fails. This fixes use cases where
the containerd / crio executables are not available.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change updates the create-symlink hook to be equivalent to
ln -f -s target link
This ensures that links are updated even if they exist in the container
being run.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change fixes a bug when using just-in-time CDI spec generation for the
NVIDIA Container Runtime for specific devices (i.e. not 'all').
Instead of unconditionally using the default nvsandboxutils library -- leading
to errors due to undefined symbols -- we check whether the library can be
properly initialised before continuing.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change updates the create-symlinks hook to always evaluate
link paths in the container's root filesystem. In addition the
executable is updated to return an error if a link could not
be created.
Signed-off-by: Christopher Desiniotis <cdesiniotis@nvidia.com>
This chagne ensures that we always treat the link path as a path
relative to the container root. Without this change, relative paths
in link paths would result links being created relative to the
current working directory where the hook is executed.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
