Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only allow host-relative LDConfig paths #690

Merged
merged 3 commits into from
Nov 26, 2024
Merged

Only allow host-relative LDConfig paths #690

merged 3 commits into from
Nov 26, 2024

Conversation

elezar
Copy link
Member

@elezar elezar commented Sep 11, 2024
edited
Loading

This change only allows host-relative LDConfig paths (i.e. the nvidia-container-cli.ldconfig setting starts with an @)

An allow-ldconfig-from-container feature flag is added to allow for this
the default behaviour to be changed.

This feature can be toggled by running:

sudo nvidia-ctk config --in-place --set features.allow-ldconfig-from-container=true

or by including allow-config-from-container in the NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES envvar.

@elezar elezar self-assigned this Sep 11, 2024
@elezar elezar force-pushed the ignore-ldconfig-option branch 2 times, most recently from 24ede29 to 74d8d64 Compare September 11, 2024 15:02
cdesiniotis
cdesiniotis reviewed Sep 11, 2024
View reviewed changes
internal/config/cli.go Outdated Show resolved Hide resolved
internal/config/config_test.go Outdated Show resolved Hide resolved
@elezar elezar force-pushed the ignore-ldconfig-option branch from 74d8d64 to 994c973 Compare September 16, 2024 07:52
@elezar elezar requested a review from cdesiniotis September 16, 2024 07:55
@elezar elezar force-pushed the ignore-ldconfig-option branch from 994c973 to 08fb0bc Compare September 16, 2024 11:50
@elezar elezar changed the title Ignore ldconfig option Use host ldconfig binary by default Sep 16, 2024
klueska
klueska previously requested changes Sep 18, 2024
View reviewed changes
Copy link
Contributor

@klueska klueska left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Let's continue to allow host-relative path to ldconfig even without the override
  2. Let's then change the override flag to be called allow-ldconfig-from-container

@elezar elezar force-pushed the ignore-ldconfig-option branch from 08fb0bc to 72a0400 Compare September 18, 2024 14:52
@elezar elezar changed the title Use host ldconfig binary by default Only allow host-relative LDConfig paths Sep 18, 2024
@elezar elezar marked this pull request as draft September 18, 2024 20:12
@cdesiniotis
Copy link
Contributor

@elezar besides rebasing, are there any other changes planned for this PR?

Question -- is it possible to include a comment in the default NVIDIA Container Toolkit config file that gets installed at /etc/nvidia-container-runtime/config.toml which documents the new feature flag we are adding?

@elezar
[no-relnote] Remove unused code
1afada7 
Signed-off-by: Evan Lezar <[email protected]>
@elezar
[no-relnote] Refactor config handling for hook
c076436 
This change removes indirect calls to get the default config
from the nvidia-container-runtime-hook.

Signed-off-by: Evan Lezar <[email protected]>
@elezar elezar force-pushed the ignore-ldconfig-option branch from 72a0400 to c20d246 Compare November 22, 2024 12:23
@elezar
Only allow host-relative LDConfig paths
00f1d5a 
This change only allows host-relative LDConfig paths.

An allow-ldconfig-from-container feature flag is added to allow for this
the default behaviour to be changed.

Signed-off-by: Evan Lezar <[email protected]>
@elezar elezar force-pushed the ignore-ldconfig-option branch from c20d246 to 00f1d5a Compare November 22, 2024 13:25
@elezar elezar marked this pull request as ready for review November 22, 2024 13:25
@elezar elezar dismissed klueska’s stale review November 22, 2024 13:26

Requested changes made.

@elezar
Copy link
Member Author

elezar commented Nov 22, 2024
edited
Loading

Question -- is it possible to include a comment in the default NVIDIA Container Toolkit config file that gets installed at /etc/nvidia-container-runtime/config.toml which documents the new feature flag we are adding?

The features are currently omitempty, meaning that if none of them are set we would not show them. I can look at adding a comment similar to the docstring to the ldconfig option though.

update I have looked at what is required to add a comment to the ldconfig option, and I don't think it's worth the additional overhead to ensure consistency.

@elezar elezar added the must-backport The changes in PR need to be backported to at least one stable release branch. label Nov 25, 2024
@elezar elezar merged commit dcd65a6 into NVIDIA:main Nov 26, 2024
10 checks passed
@elezar elezar mentioned this pull request Nov 26, 2024
Merged
@cdesiniotis cdesiniotis mentioned this pull request Dec 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdesiniotis cdesiniotis cdesiniotis approved these changes

@klueska klueska Awaiting requested review from klueska

@tariq1890 tariq1890 Awaiting requested review from tariq1890

Assignees

@elezar elezar

Labels
must-backport The changes in PR need to be backported to at least one stable release branch.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@elezar @cdesiniotis @klueska @tariq1890