mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2025-05-28 17:18:49 +00:00
ec29b602c3
This change uses the reexec package to run the update of the ldcache in a container in a process with isolated namespaces. Since the hook is invoked as a createContainer hook, these namespaces are cloned from the container's namespaces. In the reexec handler, we further isolate the proc filesystem, mount the host ldconfig to a tmpfs, and pivot into the containers root. Signed-off-by: Evan Lezar <elezar@nvidia.com> |
||
|---|---|---|
| .. | ||
| container-root.go | ||
| ldconfig_linux.go | ||
| ldconfig_other.go | ||
| safe-exec_linux.go | ||
| safe-exec_other.go | ||
| update-ldcache.go | ||