init: improve nvidia integration, skip files when directory is already a ro-mountpoint, log with warnings

Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
2025-02-25 18:55:25 -06:00 · 2025-01-19 15:23:11 +01:00
parent 855e284886
commit 236e2bfa88
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@@ -1887,6 +1887,10 @@ if [ "${nvidia}" -eq 1 ]; then
 	for nvidia_file in ${NVIDIA_FILES}; do
 		dest_file="$(printf "%s" "${nvidia_file}" | sed 's|/run/host||g')"

+		if [ ! -w "$(dirname "${dest_file}")" ]; then
+			printf "Warning: skpping file %s, %s mounted as read-only\n" "${dest_file}" "$(dirname "${dest_file}")"
+			continue
+		fi
 		# Mounting read-only in a user namespace will trigger a check to see if certain
 		# "locked" flags (line noexec,nodev,nosuid) are changed. This ensures we explicitly reuse those flags.
 		locked_flags="$(get_locked_mount_flags "${nvidia_file}")"
@@ -1908,6 +1912,10 @@ if [ "${nvidia}" -eq 1 ]; then
 	for nvidia_file in ${NVIDIA_FILES}; do
 		dest_file="$(printf "%s" "${nvidia_file}" | sed 's|/run/host||g')"

+		if [ ! -w "$(dirname "${dest_file}")" ]; then
+			printf "Warning: skpping file %s, %s mounted as read-only\n" "${dest_file}" "$(dirname "${dest_file}")"
+			continue
+		fi
 		# Mounting read-only in a user namespace will trigger a check to see if certain
 		# "locked" flags (line noexec,nodev,nosuid) are changed. This ensures we explicitly reuse those flags.
 		locked_flags="$(get_locked_mount_flags "${nvidia_file}")"
@@ -1969,6 +1977,11 @@ if [ "${nvidia}" -eq 1 ]; then
 			continue
 		fi

+		if [ ! -w "$(dirname "${dest_file}")" ]; then
+			printf "Warning: skpping file %s, %s mounted as read-only\n" "${dest_file}" "$(dirname "${dest_file}")"
+			continue
+		fi
+
 		type="file"
 		if [ -L "${nvidia_lib}" ]; then
 			type="link"