opencontainers/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-02-05 18:45:28 +01:00
Code Issues Wiki Activity
Files
v1.2.8
runc/libcontainer/cgroups
History
Kir Kolyshkin 9742b6cf10 libct/cg/sd: set the DeviceAllow property before DevicePolicy 
Every unit created by runc need daemon reload since systemd v230.
This breaks support for NVIDIA GPUs, see
https://github.com/opencontainers/runc/issues/3708#issuecomment-2216967210

A workaround is to set DeviceAllow before DevicePolicy.

Also:
 - add a test case (which fails before the fix) by @kolyshkin
 - better explain why we need empty DeviceAllow (by @cyphar)

Fixes 4568.

Reported-by: Jian Wen <wenjianhn@gmail.com>
Co-authored-by: Jian Wen <wenjianhn@gmail.com>
Co-authored-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d84388ae10)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-05 12:18:12 -08:00
..
devices
libct/cg/sd: set the DeviceAllow property before DevicePolicy
2025-02-05 12:18:12 -08:00
fs
Merge pull request #4405 from amghazanfari/main
2024-10-04 14:01:23 -07:00
fs2
runc create/run: warn on rootless + shared pidns + no cgroup
2024-09-17 22:49:37 -07:00
fscommon
Remove io/ioutil use
2021-10-14 13:46:02 -07:00
manager
ci: fix TestNilResources when systemd not available
2023-08-02 23:00:46 -07:00
systemd
libcontainer/userns: migrate to github.com/moby/sys/userns
2024-10-09 22:20:25 +08:00
cgroups_test.go
tree-wide: use /proc/thread-self for thread-local state
2023-12-14 11:36:41 +11:00
cgroups.go
runc create/run: warn on rootless + shared pidns + no cgroup
2024-09-17 22:49:37 -07:00
file_test.go
libct/cg: write unified resources line by line
2024-06-09 14:01:45 -07:00
file.go
libct/cg: write unified resources line by line
2024-06-09 14:01:45 -07:00
getallpids_test.go
libct/*: remove linux build tag from some pkgs
2021-08-30 20:52:07 -07:00
getallpids.go
libct/cg: rm go 1.15 compatibility
2021-12-14 13:08:47 -08:00
stats.go
Merge pull request #4010 from HeRaNO/use-peak
2023-10-25 22:18:02 +08:00
utils_test.go
libct/cg: add test for remove a non-existent dir in a ro mount point
2024-11-15 00:00:15 +00:00
utils.go
libct/cg: RemovePath: improve comments
2024-11-13 13:51:20 +00:00
v1_utils.go
tree-wide: use /proc/thread-self for thread-local state
2023-12-14 11:36:41 +11:00