Honor DOCKER_RAMDISK environment variable about libnvidia-container HOT 13 CLOSED

As I am trying to figure this out, can someone explain me the effect of the last chroot call? (https://github.com/NVIDIA/libnvidia-container/blob/master/src/nvc_ldcache.c#L125). It seems to me that at this point, we are at the root of the target rootfs, which is already our / thanks to the pivot_root(".", "."), so it looks like a no-op to me, but I'm probably missing some detail.

I found the equivalent code to change_rootfs in runc (https://github.com/opencontainers/runc/blob/63e6708c74c1cc46091ec92ea9df5aca4d82e803/libcontainer/rootfs_linux.go#L647) and it does not include the last chroot call, so I'm confused.

from libnvidia-container.

This seems like a reasonable ask, @3XX0 what do you think? (he's out this week though)
Not sure if we should add a CLI flag like runc, or if we should try to detect this situation like LXC.

from libnvidia-container.

As far as it goes, I have something working based on checking for the environment variable, I don't know if that's a satisfying implementation (once again, I'm quite new to this).
Pull request coming tomorrow morning (UTC+1) so you can see what you think about it.

from libnvidia-container.

We definitely don't want to rely on this environment variable :), libnvidia-container works outside of docker.
Again, we could either do like LXC:
https://github.com/lxc/lxc/blob/b988d228d1868e9bee6e7e4ded1eee859c4716fe/src/lxc/conf.c#L1580-L1591
https://github.com/lxc/lxc/blob/b988d228d1868e9bee6e7e4ded1eee859c4716fe/src/lxc/utils.c#L1297-L1342

Or like runc with runc run --no-pivot.

I would defer to @3XX0 for the decision.

from libnvidia-container.

Oh yes that's something I should have thought about.

I'll send my PR with an if (no_pivot_root()) clearly separated from the rest so that you can plug in what you feel is right (or just do it from scratch if my code is broken).

EDIT: actually that will happen later, because as I understand my company would need to sign and send the CLA, and that will take a bit of time with many people being on holiday.

from libnvidia-container.

Closing as there doesn't seem to be anything to do.

from libnvidia-container.

Sorry but why is there nothing to do? The code still calls SYS_pivot_root unconditionally, which will still fail with an initramfs.

from libnvidia-container.

Reasonable enough, I don't think I read this issue properly before closing it, sorry.
We will look into this, though this isn't a very high priority

from libnvidia-container.

I understand perfectly that this is a corner case.
If you give me a hint on which strategy you'd like from the two described earlier, I may be able to write the code and make a proper PR.

from libnvidia-container.

Can this ticket now be closed with the introduction of the --no-pivot-root flag in the 1.1.0 release?

from libnvidia-container.

Since there has been no response, I am closing this issue.

@Ricordel please reopen / create a new issue if the --no-pivot-root option does not address the issue.

from libnvidia-container.

Sorry for the HUGE delay responding, this subject got out of my radar during a long time.

After finally coming back to it, I tested with 1.4.0 and the --no-pivot-root flag works just fine, thank you for including it.

from libnvidia-container.

Just a note. A fix was merged in https://gitlab.com/nvidia/container-toolkit/libnvidia-container/-/merge_requests/175 that ensures that the LDCache is updated when the --no-pivot-root option is specified.

from libnvidia-container.