From bf7a6d05f16aa5e08c2df0ba8fa7be158e412480 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Tue, 10 Mar 2026 10:45:47 +0100 Subject: [PATCH] Add sandbox mode Signed-off-by: Evan Lezar --- pkg/nvcdi/lib-sandbox.go | 56 ++++++++++++++++++++++++++++++++++++++++ pkg/nvcdi/lib.go | 5 ++++ pkg/nvcdi/mode.go | 3 +++ pkg/nvcdi/options.go | 5 ++++ 4 files changed, 69 insertions(+) create mode 100644 pkg/nvcdi/lib-sandbox.go diff --git a/pkg/nvcdi/lib-sandbox.go b/pkg/nvcdi/lib-sandbox.go new file mode 100644 index 000000000..2c708e1d2 --- /dev/null +++ b/pkg/nvcdi/lib-sandbox.go @@ -0,0 +1,56 @@ +/** +# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +**/ + +package nvcdi + +import ( + "fmt" + + "tags.cncf.io/container-device-interface/pkg/cdi" + + "github.com/NVIDIA/nvidia-container-toolkit/internal/discover" +) + +type sandboxlib struct { + *nvcdilib + emptyDeviceSpecGenerator +} + +var _ deviceSpecGeneratorFactory = (*sandboxlib)(nil) + +func (l *sandboxlib) DeviceSpecGenerators(...string) (DeviceSpecGenerator, error) { + return l, nil +} + +func (l *sandboxlib) GetCommonEdits() (*cdi.ContainerEdits, error) { + graphicsMounts, err := discover.NewGraphicsMountsDiscoverer(l.logger, l.driver, l.hookCreator) + if err != nil { + l.logger.Warningf("failed to create discoverer for graphics mounts: %v", err) + } + + driver, err := l.newDriverVersionDiscoverer() + if err != nil { + return nil, fmt.Errorf("failed to create driver library discoverer: %v", err) + } + + edits, err := l.editsFactory.FromDiscoverer(discover.Merge(graphicsMounts, driver)) + if err != nil { + return nil, fmt.Errorf("failed to create edits from discoverer: %v", err) + } + + return edits, nil +} diff --git a/pkg/nvcdi/lib.go b/pkg/nvcdi/lib.go index fa84e19c5..4b522ebff 100644 --- a/pkg/nvcdi/lib.go +++ b/pkg/nvcdi/lib.go @@ -89,6 +89,11 @@ func New(opts ...Option) (Interface, error) { nvcdilib: l, mode: o.mode, } + case ModeSandbox: + factory = &sandboxlib{ + nvcdilib: l, + emptyDeviceSpecGenerator: "all", + } case ModeImex: factory = (*imexlib)(l) default: diff --git a/pkg/nvcdi/mode.go b/pkg/nvcdi/mode.go index a2f2f6e64..708fdba74 100644 --- a/pkg/nvcdi/mode.go +++ b/pkg/nvcdi/mode.go @@ -46,6 +46,8 @@ const ( ModeImex = Mode("imex") // ModeNvswitch configures the CDI spec generator to generate a spec for the available nvswitch devices. ModeNvswitch = Mode("nvswitch") + // ModeSandbox + ModeSandbox = Mode("sandbox") ) type modeConstraint interface { @@ -72,6 +74,7 @@ func getModes() modes { ModeMofed, ModeNvml, ModeNvswitch, + ModeSandbox, ModeWsl, } lookup := make(map[Mode]bool) diff --git a/pkg/nvcdi/options.go b/pkg/nvcdi/options.go index a5e2b1c40..03aa42947 100644 --- a/pkg/nvcdi/options.go +++ b/pkg/nvcdi/options.go @@ -126,6 +126,11 @@ func populateOptions(opts ...Option) *options { ) } + if o.mode == ModeSandbox { + // For sandbox mode we explicitly disable all hooks. + o.disabledHooks = append(o.disabledHooks, AllHooks) + } + return o }