NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container-tools and libnvidia-container1 v1.17.8
• nvidia-container-toolkit and nvidia-container-toolkit-base v1.17.8

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Updated the ordering of Mounts in CDI to have a deterministic output. This makes testing more consistent.
• Added NVIDIA_CTK_DEBUG envvar to hooks as a placeholder for enabling debugging output.

Changes in libnvidia-container

• Fixed bug in setting default for --cuda-compat-mode flag. This caused failures in use cases invoking the nvidia-container-cli directly or when the v1.17.7 version of the nvidia-container-cli was used with an older nvidia-container-runtime-hook.
• Added additional logging to the nvidia-container-cli.
• Fixed variable initialisation when updating the ldcache. This caused failures on Arch linux or other platforms where the nvidia-container-cli was built from source.

Full Changelog: v1.17.7...v1.17.8

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.7
• nvidia-container-toolkit 1.17.7

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Fix mode detection on Thor-based systems. This correctly resolves auto mode to csv.
• Fix resolution of libs in LDCache on ARM. This fixes CDI spec generation on ARM-based systems using NVML.
• Added a nvidia-container-runtime-modes.legacy.cuda-compat-mode option to provide finer control of how CUDA Forward Compatibility is handled. The default value (ldconfig) fixes CUDA Compatibility Support in cases where only the NVIDIA Container Runtime Hook is used (e.g. the Docker --gpus command line flag).
• Run update-ldcache hook in isolated namespaces.

Changes in the Toolkit Container

• Bump CUDA base image version to 12.9.0

Changes in libnvidia-container

• Add --cuda-compat-mode flag to the nvidia-container-cli configure command.

Full Changelog: v1.17.6...v1.17.7

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.6
• nvidia-container-toolkit 1.17.6

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

Changes in the Toolkit Container

• Allow container runtime executable path to be specified when configuring containerd.
• Bump CUDA base image version to 12.8.1

Changes in libnvidia-container

• Skip files when user has insufficient permissions. This prevents errors when discovering IPC sockets when the nvidia-container-cli is run as a non-root user.

Full Changelog: v1.17.5...v1.17.6

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.5
• nvidia-container-toolkit 1.17.5

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Allow the enabled-cuda-compat hook to be skipped when generating CDI specifications. This improves compatibility with older NVIDIA Container Toolkit installations. The hook is explicitly ignored for management CDI specifications.
• Add IMEX binaries to CDI discovery. This includes the IMEX Daemon and IMEX Control binaries in containers.
• Fix bug that may overwrite docker feature flags when configuring CDI from the nvidia-ctk runtime configure command.
• Add an ignore-imex-channel-requests feature flag. This ensures that the NVIDIA Container Runtime can be configured to ignore IMEX channel requests when these should be managed by another component.
• Update the update-ldcache hook to run the host ldconfig from a MEMFD.
• Add support for CUDA Forward Compatibility (removed by default in v1.17.4) using a dedicated enable-cuda-compat hook. This can be disabled using a disable-cuda-compat-lib-hook feature flag.
• Disable nvsandboxutils in the nvcdi API. This prevents a segmentation violation with NVIDIA GPU Drivers from the 565 branch.
• Fix a bug where cdi mode would not work with the --gpus flag even if the NVIDIA Container Runtime was used.

Changes in the Toolkit Container

• Enable CDI in container engine (Containerd, Cri-o, Docker) if CDI_ENABLED is set.
• Bump CUDA base image version to 12.8.0

Full Changelog: v1.17.4...v1.17.5

This release is intended to allow the k8s-dra-driver-gpu and k8s-device-plugin to import the nvcdi package at a specific tag.

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.4
• nvidia-container-toolkit 1.17.4

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Disable mounting of compat libs from container by default
• Add allow-cuda-compat-libs-from-container feature flag
• Skip graphics modifier in CSV mode
• Properly pass configSearchPaths to a Driver constructor
• Add support for containerd version 3 config
• Add string TOML source

Changes in libnvidia-container

• Add no-cntlibs CLI option to nvidia-container-cli

Changes in the Toolkit Container

• Bump CUDA base image version to 12.6.3

Full Changelog: v1.17.3...v1.17.4

This version includes updates for:

• NVIDIA CVE-2024-0135
• NVIDIA CVE-2024-0136
• NVIDIA CVE-2024-0137

To view any published security bulletins for NVIDIA products, see the NVIDIA product security page (https://www.nvidia.com/en-us/security/)

For more information regarding NVIDIA's security vulnerability remediation policies, see (https://www.nvidia.com/en-us/security/psirt-policies/)

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.3
• nvidia-container-toolkit 1.17.3

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Only allow host-relative LDConfig paths by default.

Changes in libnvidia-container

• Create virtual copy of host ldconfig binary before calling fexecve().

Full Changelog: v1.17.2...v1.17.3

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.2
• nvidia-container-toolkit 1.17.2

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Fixed a bug where legacy images would set imex channels as all. This bug caused containers to fail when no NVIDIA_IMEX_CHANNELS environment variable was set for legacy images.

Full Changelog: v1.17.1...v1.17.2

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.1
• nvidia-container-toolkit 1.17.1

The packages for this release are published to the libnvidia-container package repositories.

What's Changed

• Fixed a bug where specific symlinks existing in a container image could cause a container to fail to start.
• Fixed a bug on Tegra-based systems where a container would fail to start.
• Fixed a bug where the default container runtime config path was not properly set.

Changes in the Toolkit Container

• Fallback to using a config file if the current runtime config can not be determined from the command line.

Full Changelog: v1.17.0...v1.17.1

This release includes updates for:

• NVIDIA CVE-2024-0134

To view any published security bulletins for NVIDIA products, see the NVIDIA product security page (https://www.nvidia.com/en-us/security/)

For more information regarding NVIDIA's security vulnerability remediation policies, see (https://www.nvidia.com/en-us/security/psirt-policies/)

This is a promotion of the v1.17.0-rc.2 release to GA.

NOTE: This release does NOT include the nvidia-container-runtime and nvidia-docker2 packages. It is recommended that the nvidia-container-toolkit packages be installed directly.

NOTE: This release is a unified release of the NVIDIA Container Toolkit that consists of the following packages:

• libnvidia-container 1.17.0
• nvidia-container-toolkit 1.17.0

The packages for this release are published to the libnvidia-container package repositories.

Full Changelog: v1.16.2...v1.17.0

What's Changed

• Promote v1.17.0-rc.2 to v1.17.0
• Fix bug when using just-in-time CDI spec generation
• Check for valid paths in create-symlinks hook

v1.17.0-rc.2

• Fix bug in locating libcuda.so from ldcache
• Fix bug in sorting of symlink chain
• Remove unsupported print-ldcache command
• Remove csv-filename support from create-symlinks

Changes in the Toolkit Container

• Fallback to crio-status if crio status does not work when configuring the crio runtime

v1.17.0-rc.1

• Allow IMEX channels to be requested as volume mounts
• Fix typo in error message
• Add disable-imex-channel-creation feature flag
• Add -z,lazy to LDFLAGS
• Add imex channels to management CDI spec
• Add support to fetch current container runtime config from the command line.
• Add creation of select driver symlinks to CDI spec generation.
• Remove support for config overrides when configuring runtimes.
• Skip explicit creation of libnvidia-allocator.so.1 symlink
• Add vdpau as as a driver library search path.
• Add support for using libnvsandboxutils to generate CDI specifications.

Changes in the Toolkit Container

• Allow opt-in features to be selected when deploying the toolkit-container.
• Bump CUDA base image version to 12.6.2
• Remove support for config overrides when configuring runtimes.

Changes in libnvidia-container

• Add no-create-imex-channels command line option.