Several pre-start hook scripts are provided by default.
Some of them can be turned on or off by using the following configuration settings:
| Hook | Setting | Default | Description |
|---|---|---|---|
| 10-devices.sh | ENROOT_RESTRICT_DEV |
no |
Restrict /dev inside the container to a minimal set of devices |
| 10-home.sh | ENROOT_MOUNT_HOME |
no |
Mount the current user's home directory |
| 98-nvidia.sh | NVIDIA_[...] |
Control NVIDIA GPU support | |
| 99-mellanox.sh | MELLANOX_[...] |
Control MELLANOX HCA support |
Automatically mount the cgroup subsytems inside the container within a new cgroup namespace (if supported).
This hook is always enabled.
Restrict /dev inside the container to a minimal set of devices.
To enable it, one needs to set ENROOT_RESTRICT_DEV.
Mount the current user's home directory inside the container and set the HOME environment variable accordingly.
To enable it, one needs to set ENROOT_MOUNT_HOME.
Add new user and group entries to the container shadow databases /etc/passwd and /etc/group, these entries reflect the current user on the host.
Additionally, create home and mail directories as defined by /etc/login.defs and /etc/default/useradd inside the container.
This hook is always enabled.
Provide GPU support to the container using libnvidia-container.
Refer to nvidia-container-runtime (Environment variables)
for the list of supported settings and how to enable them.
Provide IB HCA support to the container by injecting MOFED from the host inside the container.
Devices are controlled with the MELLANOX_VISIBLE_DEVICES environment variable similar to how 98-nvidia.sh exposes GPUs.