Skip to content

Commit 2e9a666

Browse files
elezarcdesiniotis
andcommitted
fix: Additional GIDs are dropped due to file mode mask
The filemode returned from DeviceFromPath clears the bits that are track whether the device is a character device. This means that the check that ensures that the mode includes the character device bits always fails and no additional GIDs are detected. This change removes the check. In practice this should have no effect since we only ever detect char devices. Signed-off-by: Evan Lezar <elezar@nvidia.com> Co-authored-by: Christopher Desiniotis <cdesiniotis@nvidia.com>
1 parent ec7b4e2 commit 2e9a666

3 files changed

Lines changed: 79 additions & 3 deletions

File tree

internal/edits/device.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -130,9 +130,6 @@ func (d *device) getAdditionalGIDs(dn *specs.DeviceNode) []uint32 {
130130
if dn.FileMode == nil {
131131
return nil
132132
}
133-
if dn.FileMode.Type()&os.ModeCharDevice == 0 {
134-
return nil
135-
}
136133
if permission := dn.FileMode.Perm(); isWorldReadable(permission) && isWorldWriteable(permission) {
137134
return nil
138135
}

internal/edits/device_test.go

Lines changed: 77 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,90 @@ import (
2323

2424
"github.com/opencontainers/cgroups/devices/config"
2525
"github.com/stretchr/testify/require"
26+
"tags.cncf.io/container-device-interface/pkg/cdi"
2627
"tags.cncf.io/container-device-interface/specs-go"
2728

2829
"github.com/NVIDIA/nvidia-container-toolkit/internal/devices"
2930
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
3031
"github.com/NVIDIA/nvidia-container-toolkit/internal/test/to"
3132
)
3233

34+
func TestDeviceToEdits(t *testing.T) {
35+
testCases := []struct {
36+
description string
37+
device discover.Device
38+
deviceslib devices.Interface
39+
expected *cdi.ContainerEdits
40+
}{
41+
{
42+
device: discover.Device{
43+
Path: "/foo",
44+
},
45+
expected: &cdi.ContainerEdits{
46+
ContainerEdits: &specs.ContainerEdits{
47+
DeviceNodes: []*specs.DeviceNode{
48+
{Path: "/foo"},
49+
},
50+
},
51+
},
52+
},
53+
{
54+
description: "device with additional GIDs",
55+
device: discover.Device{
56+
Path: "/foo",
57+
},
58+
deviceslib: &devices.InterfaceMock{
59+
DeviceFromPathFunc: func(path, permissions string) (*devices.Device, error) {
60+
if path != "/foo" {
61+
return nil, fmt.Errorf("not found %v", path)
62+
}
63+
cd := &config.Device{
64+
Rule: config.Rule{
65+
Major: 100,
66+
Minor: 200,
67+
Permissions: config.Permissions("w"),
68+
},
69+
// The bits which indicate this is a character device in the filemode
70+
// have been masked. This mimics the behavior of the real DeviceFromPath
71+
// function.
72+
FileMode: 0660 & os.ModePerm,
73+
Uid: 11,
74+
Gid: 44,
75+
}
76+
77+
return (*devices.Device)(cd), nil
78+
},
79+
},
80+
expected: &cdi.ContainerEdits{
81+
ContainerEdits: &specs.ContainerEdits{
82+
DeviceNodes: []*specs.DeviceNode{
83+
{
84+
Path: "/foo",
85+
HostPath: "",
86+
Permissions: "w",
87+
Major: 100,
88+
Minor: 200,
89+
FileMode: to.Ptr(0660 & os.ModePerm),
90+
GID: ptrIfNonZero[uint32](44),
91+
},
92+
},
93+
AdditionalGIDs: []uint32{44},
94+
},
95+
},
96+
},
97+
}
98+
99+
for _, tc := range testCases {
100+
f := factory{}
101+
t.Run(tc.description, func(t *testing.T) {
102+
defer devices.SetInterfaceForTests(tc.deviceslib)()
103+
edits, err := f.device(tc.device).toEdits()
104+
require.NoError(t, err)
105+
require.EqualValues(t, tc.expected, edits)
106+
})
107+
}
108+
}
109+
33110
func TestDeviceToSpec(t *testing.T) {
34111
testCases := []struct {
35112
description string

pkg/nvcdi/lib-csv_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -182,6 +182,7 @@ func TestDeviceSpecGenerators(t *testing.T) {
182182
{
183183
Name: "0",
184184
ContainerEdits: specs.ContainerEdits{
185+
AdditionalGIDs: []uint32{44},
185186
DeviceNodes: []*specs.DeviceNode{
186187
{Path: "/dev/nvidia0", HostPath: "/dev/nvidia0"},
187188
{Path: "/dev/nvidiactl", HostPath: "/dev/nvidiactl"},
@@ -193,6 +194,7 @@ func TestDeviceSpecGenerators(t *testing.T) {
193194
{
194195
Name: "1",
195196
ContainerEdits: specs.ContainerEdits{
197+
AdditionalGIDs: []uint32{44},
196198
DeviceNodes: []*specs.DeviceNode{
197199
{Path: "/dev/nvidia1", HostPath: "/dev/nvidia1"},
198200
{Path: "/dev/nvidiactl", HostPath: "/dev/nvidiactl"},

0 commit comments

Comments
 (0)