fixup! Add a hook to update nvidia params

elezar · elezar · commit 00c5d3b7fef4 · 2025-02-13T15:20:59.000+01:00
Signed-off-by: Evan Lezar &lt;elezar@nvidia.com&gt;
diff --git a/cmd/nvidia-cdi-hook/update-nvidia-params/mount_linux.go b/cmd/nvidia-cdi-hook/update-nvidia-params/mount_linux.go
@@ -24,6 +24,6 @@ import (
 )
 
 func bindMountReadonly(source string, target string) error {
-	return unix.Mount(source, target, "", unix.MS_BIND|unix.MS_RDONLY, "")
+	return unix.Mount(source, target, "", unix.MS_BIND|unix.MS_RDONLY|unix.MS_NOSYMFOLLOW, "")
 
 }
diff --git a/cmd/nvidia-cdi-hook/update-nvidia-params/update-nvidia-params.go b/cmd/nvidia-cdi-hook/update-nvidia-params/update-nvidia-params.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/urfave/cli/v2"
@@ -150,7 +151,7 @@ func (m command) updateNvidiaParamsFromReader(r io.Reader, containerRoot string)
 		return fmt.Errorf("failed to set permissions on temporary params file: %w", err)
 	}
 
-	if err := bindMountReadonly(containerParamsFile.Name(), nvidiaDriverParamsPath); err != nil {
+	if err := bindMountReadonly(containerParamsFile.Name(), filepath.Join(containerRoot, nvidiaDriverParamsPath)); err != nil {
 		return fmt.Errorf("failed to create temporary parms file mount: %w", err)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,6 @@ import (`
`24`	`24`	`)`
`25`	`25`
`26`	`26`	`func bindMountReadonly(source string, target string) error {`
`27`		`- return unix.Mount(source, target, "", unix.MS_BIND\|unix.MS_RDONLY, "")`
	`27`	`+ return unix.Mount(source, target, "", unix.MS_BIND\|unix.MS_RDONLY\|unix.MS_NOSYMFOLLOW, "")`
`28`	`28`
`29`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ import (`
`22`	`22`	`"fmt"`
`23`	`23`	`"io"`
`24`	`24`	`"os"`
	`25`	`+ "path/filepath"`
`25`	`26`	`"strings"`
`26`	`27`
`27`	`28`	`"github.com/urfave/cli/v2"`
`@@ -150,7 +151,7 @@ func (m command) updateNvidiaParamsFromReader(r io.Reader, containerRoot string)`
`150`	`151`	`return fmt.Errorf("failed to set permissions on temporary params file: %w", err)`
`151`	`152`	`}`
`152`	`153`
`153`		`- if err := bindMountReadonly(containerParamsFile.Name(), nvidiaDriverParamsPath); err != nil {`
	`154`	`+ if err := bindMountReadonly(containerParamsFile.Name(), filepath.Join(containerRoot, nvidiaDriverParamsPath)); err != nil {`
`154`	`155`	`return fmt.Errorf("failed to create temporary parms file mount: %w", err)`
`155`	`156`	`}`
`156`	`157`