]> git.ipfire.org Git - thirdparty/lxc.git/commit
hooks: fix nvidia hook when running under the lxc-start AppArmor profile
authorFelix Abecassis <fabecassis@nvidia.com>
Mon, 19 Mar 2018 18:38:06 +0000 (11:38 -0700)
committerFelix Abecassis <fabecassis@nvidia.com>
Mon, 19 Mar 2018 22:34:49 +0000 (15:34 -0700)
commit4a0a5e89e1b77056ee1564861e502bd7dba59656
tree47dfaf4affd86c89f16d2b627533e29691383b44
parentd3435415450b12cdfe2788e577505b0b7eea2ed8
hooks: fix nvidia hook when running under the lxc-start AppArmor profile

For a reason that I don't understand, the profile transition needs to
be done on the current process. Changing the attributes for a
subsequent execve(2) (with /proc/self/attr/exec) will cause the kernel
to set AT_SECURE in the auxiliary vector and thus secure_getenv(3)
inside libnvidia-container will return NULL.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
hooks/nvidia