Add symlink for /dev/fd --> /proc/dev/fd when doing ldconfig in chroot
Previously, we simply mounted a read-only tmpfs over /dev before executing ldconfig inside our unprivileged chroot environment. This was fine on most systems, but on Debian the subsequent call to fexecve() consistently failed because it didn't have access to these fds under /dev. Adding this symlink resolves a long-standing issue and exposes no more files than we already have access to because all the same files are already present under /proc (we just now have a symlink to them under /dev as well).
Please see the NOTES and BUGS sections in the link below for an explanation of why this is necessary:
https://man7.org/linux/man-pages/man2/execveat.2.html#notes
Signed-off-by: Kevin Klues kklues@nvidia.com
Edited by Kevin Klues