From 6484581eb888996a8dc829915439fb63606dd794 Mon Sep 17 00:00:00 2001
From: Jean-Francois Roy <jf@devklog.net>
Date: Fri, 6 Sep 2024 15:07:08 -0700
Subject: [PATCH] feat: allow /sbin/ldconfig in extensions

This is specifically for the glibc extension to support nvidia container
toolkit.

Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Noel Georgi <git@frezbo.dev>
---
 pkg/machinery/extensions/extensions.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/machinery/extensions/extensions.go b/pkg/machinery/extensions/extensions.go
index 3aebc0a9b9..5e2953b435 100644
--- a/pkg/machinery/extensions/extensions.go
+++ b/pkg/machinery/extensions/extensions.go
@@ -12,7 +12,10 @@ var AllowedPaths = []string{
 	"/etc/cri/conf.d",
 	"/lib/firmware",
 	"/lib/modules",
+	// The glibc loader is required by glibc dynamic binaries.
 	"/lib64/ld-linux-x86-64.so.2",
+	// /sbin/ldconfig is required by the nvidia container toolkit.
+	"/sbin/ldconfig",
 	"/usr/etc/udev/rules.d",
 	"/usr/local",
 	// glvnd, egl and vulkan are needed for OpenGL/Vulkan.