The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and it's behavior is therefor not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
``/proc`` might be mounted with ``hidepid=2``.
This makes ``/proc/1/…`` appear absent for non-root users.
When using the templates or the nvidia hook as a non-root user
(e.g., when creating unprivileged containers) the error
"/proc/1/uid_map: No such file or directory" is printed.
Since the script works correctly despite the error, this error
message might be confusing for users.
Signed-off-by: Lukas Pirl <git@lukas-pirl.de>
The "display" driver capability will expose /dev/nvidia-modeset:
9398d41d9f
The "--ldcache" argument allows overriding the location of the DSO cache:
41656bf9ed
The "--root" argument allows nvidia-container-cli to execute in a different rootfs:
019fdc14e3
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
For a reason that I don't understand, the profile transition needs to
be done on the current process. Changing the attributes for a
subsequent execve(2) (with /proc/self/attr/exec) will cause the kernel
to set AT_SECURE in the auxiliary vector and thus secure_getenv(3)
inside libnvidia-container will return NULL.
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
With LXC, you can override the value of an environment variable to
null, but you can't unset an existing variable.
The NVIDIA hook was previously activated when NVIDIA_VISIBLE_DEVICES
was set to null. As a result, it was not possible to disable the hook
by overriding the environment variable in the configuration.
The hook can now be disabled by setting NVIDIA_VISIBLE_DEVICES to
null or to the new special value "void".
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
This hook requires the nvidia-container-cli tool provided by libnvidia-container:
https://github.com/nvidia/libnvidia-container
For containers that do not have CUDA_VERSION or NVIDIA_VISIBLE_DEVICES
set in the environment, the hook will be a no-op.
To enable in the configuration file:
lxc.hook.mount = /usr/local/share/lxc/hooks/nvidia
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
