pkg/api: honor cdi devices from the hostconfig

pass down the devices specifies in the resources block so that CDI devices in the compose file are honored. Tested manually with the following compose file: services: testgpupodman_count: image: ubuntu:latest command: ["nvidia-smi"] profiles: [gpu] deploy: resources: reservations: devices: - driver: nvidia count: 1 capabilities: [gpu] testgpupodman_deviceid: image: docker.io/ubuntu:latest command: ["nvidia-smi"] deploy: resources: reservations: devices: - driver: cdi device_ids: ['nvidia.com/gpu=all'] capabilities: [gpu] Closes: https://github.com/containers/podman/issues/19338 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-05-17 23:26:08 +08:00 · 2025-01-30 21:07:21 +01:00
parent 57b9709b69
commit bc8124fd62
7 changed files with 66 additions and 0 deletions
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@ -163,6 +163,11 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 	for _, dev := range cc.HostConfig.Devices {
 		devices = append(devices, fmt.Sprintf("%s:%s:%s", dev.PathOnHost, dev.PathInContainer, dev.CgroupPermissions))
 	}
+	for _, r := range cc.HostConfig.Resources.DeviceRequests {
+		if r.Driver == "cdi" {
+			devices = append(devices, r.DeviceIDs...)
+		}
+	}

 	// iterate blkreaddevicebps
 	readBps := make([]string, 0, len(cc.HostConfig.BlkioDeviceReadBps))
--- a/test/compose/cdi_device/README.md
+++ b/test/compose/cdi_device/README.md
@ -0,0 +1,9 @@
+cdi devices
+===========
+
+This test copies a CDI device file on a tmpfs mounted on /etc/cdi, then checks that the CDI device in the compose file is present in a container.  The test is skipped when running as rootless.
+
+Validation
+------------
+
+* The CDI device is present in the container.
--- a/test/compose/cdi_device/device.json
+++ b/test/compose/cdi_device/device.json
@ -0,0 +1,14 @@
+{
+  "cdiVersion": "0.3.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myKmsg",
+      "containerEdits": {
+        "mounts": [
+          {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
+        ]
+      }
+    }
+  ]
+}
--- a/test/compose/cdi_device/docker-compose.yml
+++ b/test/compose/cdi_device/docker-compose.yml
@ -0,0 +1,15 @@
+services:
+  test:
+    image: alpine
+    command: ["top"]
+    volumes:
+      - /dev:/dev-host
+    security_opt:
+      - label=disable
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: cdi
+            device_ids: ['vendor.com/device=myKmsg']
+            capabilities: []
--- a/test/compose/cdi_device/setup.sh
+++ b/test/compose/cdi_device/setup.sh
@ -0,0 +1,9 @@
+if is_rootless; then
+    reason=" - can't write to /etc/cdi"
+    _show_ok skip "$testname # skip$reason"
+    exit 0
+fi
+
+mkdir -p /etc/cdi
+mount -t tmpfs tmpfs /etc/cdi
+cp device.json /etc/cdi
--- a/test/compose/cdi_device/teardown.sh
+++ b/test/compose/cdi_device/teardown.sh
@ -0,0 +1,3 @@
+if ! is_rootless; then
+    umount -l /etc/cdi
+fi
--- a/test/compose/cdi_device/tests.sh
+++ b/test/compose/cdi_device/tests.sh
@ -0,0 +1,11 @@
+# -*- bash -*-
+
+ctr_name="cdi_device-test-1"
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev-host/kmsg'
+
+expected=$output
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev/kmsg1'
+
+is "$output" "$expected" "$testname : device /dev/kmsg1 has the same rdev as /dev/kmsg on the host"