mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2025-05-28 09:08:27 +00:00
This change uses the reexec package to run the update of the ldcache in a container in a process with isolated namespaces. Since the hook is invoked as a createContainer hook, these namespaces are cloned from the container's namespaces. In the reexec handler, we further isolate the proc filesystem, mount the host ldconfig to a tmpfs, and pivot into the container's root.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
15 lines
153 B
Go
//go:build !linux

package reexec

import (
	"os/exec"
)

func command(args ...string) *exec.Cmd {
	return &exec.Cmd{
		Path: Self(),
		Args: args,
	}
}
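The commit message above relies on the re-exec pattern: the binary starts a copy of itself with argv[0] set to a handler name, and the copy dispatches on that name before doing any other work. The following is an added sketch of that dispatch, not the toolkit's code; `register`, `dispatch`, `childCommand` and the handler name `update-ldcache-demo` are hypothetical, and the namespace, tmpfs and pivot steps are left out.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
)

// handlers maps an argv[0] value to the code run in the re-executed child (hypothetical names).
var handlers = map[string]func() int{}

// register adds a handler; a duplicate name would make dispatch ambiguous, so it panics.
func register(name string, fn func() int) {
	if _, dup := handlers[name]; dup {
		panic("reexec handler already registered: " + name)
	}
	handlers[name] = fn
}

// dispatch runs the handler named by argv0; ok is false on a normal (non-re-exec) start.
func dispatch(argv0 string) (int, bool) {
	fn, ok := handlers[argv0]
	if !ok {
		return 0, false
	}
	return fn(), true
}

// childCommand sets Path to this binary and Args[0] to the handler name, as in the file above.
func childCommand(args ...string) *exec.Cmd {
	self, err := os.Executable()
	if err != nil {
		self = os.Args[0] // fallback; may be a relative path
	}
	return &exec.Cmd{Path: self, Args: args, Stdout: os.Stdout, Stderr: os.Stderr}
}

func main() {
	register("update-ldcache-demo", func() int {
		fmt.Println("handler running in child, args:", os.Args[1:])
		return 0
	})
	if code, ok := dispatch(os.Args[0]); ok {
		os.Exit(code) // child: never falls through into the parent's code path
	}
	if err := childCommand("update-ldcache-demo", "/constructed/root").Run(); err != nil {
		fmt.Fprintln(os.Stderr, "re-exec failed:", err)
		os.Exit(1)
	}
}
```

Because `Path` is set explicitly, the child is never located through `$PATH`; only `Args[0]` decides which handler runs.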