Skip to content

Commit aeb2e4e

Browse files
authored
Merge pull request #1745 from NVIDIA/fix-additional-gids
fix: Additional GIDs are dropped due to file mode mask
2 parents ec7b4e2 + 2e9a666 commit aeb2e4e

3 files changed

Lines changed: 79 additions & 3 deletions

File tree

internal/edits/device.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -130,9 +130,6 @@ func (d *device) getAdditionalGIDs(dn *specs.DeviceNode) []uint32 {
130130
if dn.FileMode == nil {
131131
return nil
132132
}
133-
if dn.FileMode.Type()&os.ModeCharDevice == 0 {
134-
return nil
135-
}
136133
if permission := dn.FileMode.Perm(); isWorldReadable(permission) && isWorldWriteable(permission) {
137134
return nil
138135
}

internal/edits/device_test.go

Lines changed: 77 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,90 @@ import (
2323

2424
"github.com/opencontainers/cgroups/devices/config"
2525
"github.com/stretchr/testify/require"
26+
"tags.cncf.io/container-device-interface/pkg/cdi"
2627
"tags.cncf.io/container-device-interface/specs-go"
2728

2829
"github.com/NVIDIA/nvidia-container-toolkit/internal/devices"
2930
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
3031
"github.com/NVIDIA/nvidia-container-toolkit/internal/test/to"
3132
)
3233

34+
func TestDeviceToEdits(t *testing.T) {
35+
testCases := []struct {
36+
description string
37+
device discover.Device
38+
deviceslib devices.Interface
39+
expected *cdi.ContainerEdits
40+
}{
41+
{
42+
device: discover.Device{
43+
Path: "/foo",
44+
},
45+
expected: &cdi.ContainerEdits{
46+
ContainerEdits: &specs.ContainerEdits{
47+
DeviceNodes: []*specs.DeviceNode{
48+
{Path: "/foo"},
49+
},
50+
},
51+
},
52+
},
53+
{
54+
description: "device with additional GIDs",
55+
device: discover.Device{
56+
Path: "/foo",
57+
},
58+
deviceslib: &devices.InterfaceMock{
59+
DeviceFromPathFunc: func(path, permissions string) (*devices.Device, error) {
60+
if path != "/foo" {
61+
return nil, fmt.Errorf("not found %v", path)
62+
}
63+
cd := &config.Device{
64+
Rule: config.Rule{
65+
Major: 100,
66+
Minor: 200,
67+
Permissions: config.Permissions("w"),
68+
},
69+
// The bits which indicate this is a character device in the filemode
70+
// have been masked. This mimics the behavior of the real DeviceFromPath
71+
// function.
72+
FileMode: 0660 & os.ModePerm,
73+
Uid: 11,
74+
Gid: 44,
75+
}
76+
77+
return (*devices.Device)(cd), nil
78+
},
79+
},
80+
expected: &cdi.ContainerEdits{
81+
ContainerEdits: &specs.ContainerEdits{
82+
DeviceNodes: []*specs.DeviceNode{
83+
{
84+
Path: "/foo",
85+
HostPath: "",
86+
Permissions: "w",
87+
Major: 100,
88+
Minor: 200,
89+
FileMode: to.Ptr(0660 & os.ModePerm),
90+
GID: ptrIfNonZero[uint32](44),
91+
},
92+
},
93+
AdditionalGIDs: []uint32{44},
94+
},
95+
},
96+
},
97+
}
98+
99+
for _, tc := range testCases {
100+
f := factory{}
101+
t.Run(tc.description, func(t *testing.T) {
102+
defer devices.SetInterfaceForTests(tc.deviceslib)()
103+
edits, err := f.device(tc.device).toEdits()
104+
require.NoError(t, err)
105+
require.EqualValues(t, tc.expected, edits)
106+
})
107+
}
108+
}
109+
33110
func TestDeviceToSpec(t *testing.T) {
34111
testCases := []struct {
35112
description string

pkg/nvcdi/lib-csv_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -182,6 +182,7 @@ func TestDeviceSpecGenerators(t *testing.T) {
182182
{
183183
Name: "0",
184184
ContainerEdits: specs.ContainerEdits{
185+
AdditionalGIDs: []uint32{44},
185186
DeviceNodes: []*specs.DeviceNode{
186187
{Path: "/dev/nvidia0", HostPath: "/dev/nvidia0"},
187188
{Path: "/dev/nvidiactl", HostPath: "/dev/nvidiactl"},
@@ -193,6 +194,7 @@ func TestDeviceSpecGenerators(t *testing.T) {
193194
{
194195
Name: "1",
195196
ContainerEdits: specs.ContainerEdits{
197+
AdditionalGIDs: []uint32{44},
196198
DeviceNodes: []*specs.DeviceNode{
197199
{Path: "/dev/nvidia1", HostPath: "/dev/nvidia1"},
198200
{Path: "/dev/nvidiactl", HostPath: "/dev/nvidiactl"},

0 commit comments

Comments
 (0)