use chroot to run modprobe

Signed-off-by: Varun Ramachandra Sekar <[email protected]>

Author: varunrsekar

cmd/gpu-kubelet-plugin/vfio-device.go

@@ -30,7 +30,6 @@ import (
 )
 
 const (
-	hostNamespaceMount     = "/proc/1/ns/mnt"
 	kernelIommuGroupPath   = "/sys/kernel/iommu_groups"
 	vfioPciModule          = "vfio_pci"
 	vfioPciDriver          = "vfio-pci"
@@ -116,7 +115,7 @@ func (vm *VfioPciManager) isVfioPCIModuleLoaded() bool {
 }
 
 func (vm *VfioPciManager) loadVfioPciModule() error {
-	_, err := execCommandInHostNamespace("modprobe", []string{vfioPciModule}) //nolint:gosec
+	_, err := execCommandWithChroot(vm.driverRoot, "modprobe", []string{vfioPciModule}) //nolint:gosec
 	if err != nil {
 		return err
 	}
@@ -257,10 +256,10 @@ func GetVfioCDIContainerEdits(info *VfioDeviceInfo) *cdiapi.ContainerEdits {
 	}
 }
 
-func execCommandInHostNamespace(cmd string, args []string) ([]byte, error) {
-	nsenterArgs := []string{"--mount=/proc/1/ns/mnt", cmd}
-	nsenterArgs = append(nsenterArgs, args...)
-	return exec.Command("nsenter", nsenterArgs...).CombinedOutput()
+func execCommandWithChroot(fsRoot, cmd string, args []string) ([]byte, error) {
+	chrootArgs := []string{fsRoot, cmd}
+	chrootArgs = append(chrootArgs, args...)
+	return exec.Command("chroot", chrootArgs...).CombinedOutput()
 }
 
 func execCommand(cmd string, args []string) ([]byte, error) {

deployments/container/Dockerfile

@@ -44,9 +44,7 @@ RUN apt-get update && \
         git \
         gcc-aarch64-linux-gnu \
         gcc \
-        kmod \
-        lsof \
-        util-linux
+        lsof
 
 # Install dependencies for `bash-static` build.
 RUN apt-get install -y gpg curl autoconf file
@@ -159,12 +157,7 @@ COPY --from=build   /lib/x86_64-linux-gnu/libk5crypto.so.3    /lib/x86_64-linux-
 COPY --from=build   /lib/x86_64-linux-gnu/libcom_err.so.2     /lib/x86_64-linux-gnu/libcom_err.so.2
 COPY --from=build   /lib/x86_64-linux-gnu/libkrb5support.so.0 /lib/x86_64-linux-gnu/libkrb5support.so.0
 COPY --from=build   /lib/x86_64-linux-gnu/libkeyutils.so.1    /lib/x86_64-linux-gnu/libkeyutils.so.1
-COPY --from=build   /lib/x86_64-linux-gnu/libzstd.so.1        /lib/x86_64-linux-gnu/libzstd.so.1
-COPY --from=build   /lib/x86_64-linux-gnu/liblzma.so.5        /lib/x86_64-linux-gnu/liblzma.so.5
-COPY --from=build   /lib/x86_64-linux-gnu/libcrypto.so.3      /lib/x86_64-linux-gnu/libcrypto.so.3   
 COPY --from=build   /usr/bin/lsof                             /usr/bin/lsof
-COPY --from=build   /usr/sbin/modprobe                        /usr/sbin/modprobe
-COPY --from=build   /usr/bin/nsenter                          /usr/bin/nsenter
 COPY /hack/kubelet-plugin-prestart.sh /usr/bin/kubelet-plugin-prestart.sh
 COPY /templates /templates