Commit Graph

1886 Commits

Author SHA1 Message Date
Renaud Gaubert
0d0f3bfa56 Merge branch 'license' into 'master'
Update package license to match source license

See merge request nvidia/container-toolkit/container-toolkit!10
2020-06-10 19:25:50 +00:00
Renaud Gaubert
6cfc80975c Update package license to match source license
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-06-09 03:03:27 +00:00
Kevin Klues
d112fbd98a Merge branch 'upstream-fix-for-oci-1.0.0-rc2' into 'master'
Add support for parsing Linux Capabilities for older OCI specs

See merge request nvidia/container-toolkit/container-toolkit!9
2020-06-03 22:35:58 +00:00
Kevin Klues
9d66665d4b Update for patch release 1.1.2
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-06-03 21:26:25 +00:00
Kevin Klues
c32237f39c Add support for parsing Linux Capabilities for older OCI specs
This was added to fix a regression with support for the default runc
shipped with CentOS 7.

The version of runc that is installed by default on CentOS 7 is
1.0.0-rc2 which uses OCI spec 1.0.0-rc2-dev.

This is a prerelease of the OCI spec, which defines the capabilities
section of a process configuration to be a flat list of capabilities
(e.g. SYS_ADMIN, SYS_PTRACE, SYS_RAWIO, etc.)
https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc2/config.md#process-configuration

By the time the official 1.0.0 version of the OCI spec came out, the
capabilities section of a process configuration was expanded to include
embedded fields for effective, bounding, inheritable, permitted and
ambient (each of which can contain a flat list of capabilities of the
form SYS_ADMIN, SYS_PTRACE, SYS_RAWIO, etc.)
https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#linux-process

Previously, we only inspected the capabilities section of a process
configuration assuming it was in the format of OCI spec 1.0.0.

This patch makes sure we can parse the capaibilites in either format.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-06-03 21:25:13 +00:00
Kevin Klues
39a985ce96 Update vendored packages
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-06-03 21:25:13 +00:00
Renaud Gaubert
809dd1855a Merge branch 'upstream-patch-1.1.1' into 'master'
Update for patch release 1.1.1

See merge request nvidia/container-toolkit/container-toolkit!8
2020-05-19 19:51:44 +00:00
Kevin Klues
ffa82d90b4 Update changelog for 1.1.1
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-19 14:55:40 +00:00
Kevin Klues
d202adedec Update version to 1.1.1
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-19 14:04:59 +00:00
Kevin Klues
8f74fabc83 Update dependence on libnvidia-container to 1.1.1
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-19 14:04:29 +00:00
Kevin Klues
9c2c610fcd Update changelog for 1.1.0 release
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-18 13:21:14 +02:00
Renaud Gaubert
976428af2c Merge branch '1.1.0-staging' into 'master'
1.1.0 staging

See merge request nvidia/container-toolkit/container-toolkit!7
2020-05-15 19:39:41 +00:00
Kevin Klues
2c15e81822 Bump version to 1.1.0
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-15 21:34:41 +02:00
Kevin Klues
fcc1d116f0 Merge branch 'internal-add-mig-config-monitor' into 'master'
Add support for mig-config and mig-monitor as privileged capabilities

See merge request dl/container-dev/nvidia-container-toolkit!3
2020-05-15 19:04:10 +00:00
Renaud Gaubert
d4ff0416d8 Merge branch 'add-mergeable-visible-devices-envvar' into 'master'
Add ability to merge envars of the form NVIDIA_VISIBLE_DEVICES_*

See merge request dl/container-dev/nvidia-container-toolkit!2
2020-05-15 19:04:10 +00:00
Kevin Klues
8f387816bc Add support for mig-config and mig-monitor as privileged flags
These flags can only be injected into priviliged containers. If the
container is unpriviliged, and one of these flags is specified, then we
exit with an error.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-15 19:04:10 +00:00
Kevin Klues
05012e7b7f Extend fields we inspect in the runc spec to include linux capabilities
This also includes a helper to look through the capabilities contained
in the spec to determine if the container is privileged or not.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-15 19:04:10 +00:00
Kevin Klues
01b4381282 Add ability to merge envars of the form NVIDIA_VISIBLE_DEVICES_*
This allows someone to (for example) pass the following environment
variables:

NVIDIA_VISIBLE_DEVICES_0="0,1"
NVIDIA_VISIBLE_DEVICES_1="2,3"
NVIDIA_VISIBLE_DEVICES_WHATEVER="4,5"

and have the nvidia-container-toolkit automatically merge these into:

NVIDIA_VISIBLE_DEVICES="0,1,2,3,4,5"

This is useful (for example) if the full list of devices comes
from multiple, disparate sources.

Note: This will override whatever the original value of
NVIDIA_VISIBLE_DEVICES was (*excluding* its original value) if it also
exists as an environment variable already. We exclude the original value
to ensure that we have a way to override the default value of
NVIDIA_VISIBLE_DEVICES set to "all" inside a container image.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-15 19:04:05 +00:00
Renaud Gaubert
4e4de762b7 Merge branch 'upstream-cross-build' into 'master'
Update build system to match libnvidia-container

See merge request nvidia/container-toolkit/container-toolkit!6
2020-05-15 18:10:57 +00:00
Kevin Klues
6589f9f28d Update .gitlab-ci.yml to match that of libnvidia-container
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-14 21:42:14 +02:00
Kevin Klues
3353d7530c Update build system to match libnvidia-container
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2020-05-14 19:27:57 +00:00
Renaud Gaubert
f7a19bb301 Split docker targets into the docker.mk file
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-04-11 17:20:28 -07:00
Renaud Gaubert
87c8a868f9 Add binary target and use go mod
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2020-04-11 17:18:14 -07:00
Renaud Gaubert
60f165ad69 Merge branch 'toolkit_no_pivot' into 'master'
add no-pivot option to toolkit

See merge request nvidia/container-toolkit/toolkit!3
2020-02-01 01:17:49 +00:00
Kathryn Baldauf
5beddd6705 add no-pivot option to toolkit
Signed-off-by: Kathryn Baldauf <kabaldau@microsoft.com>
2020-01-31 16:43:41 -08:00
Jon Mayo
2155c2d587 Merge branch 'cleanup-driver-caps' into 'master'
Cleanup naming of constants and functions

See merge request nvidia/container-toolkit/toolkit!2
2019-12-20 17:24:26 +00:00
Kevin Klues
c84d80d5ea Make all references to 'Capabilities' explicit to 'DriverCapabilities'
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2019-12-20 16:27:56 +00:00
Kevin Klues
b3de846f66 Cleanup names of constants to better match ENVVARs
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2019-12-20 16:08:47 +00:00
Renaud Gaubert
8da6d14a20 Ensure LICENSE and CONTRIBUTING.md files are present
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-31 12:56:46 -07:00
Renaud Gaubert
a8acc86ddf Login to gitlab registry
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 16:39:54 -07:00
Renaud Gaubert
9e1c8c1bbb Rename images
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 16:11:35 -07:00
Renaud Gaubert
f94c718c62 Correct push target
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 15:16:38 -07:00
Renaud Gaubert
fea67a50b8 Install make in the job
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 14:58:54 -07:00
Renaud Gaubert
713ffee7a3 Use the dind service
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 14:56:05 -07:00
Renaud Gaubert
d84ddccc68 Fix gitlab-ci syntax error
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 14:38:10 -07:00
Renaud Gaubert
6f4a5a34cf Init
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2019-10-22 14:36:22 -07:00