ldconfig: Create ld.so.conf file if missing

jfroy · jfroy · commit ad7c96ae4a83 · 2025-11-17T14:07:26.000-08:00
Some container images (namely distroless images) may not have the
/etc/ld.so.conf file present. This patch modifies the ldconfig CDI hook
to create a "standard" top-level ld.so.conf file if it is missing that
includes "standard" /etc/ld.so.conf.d/*.conf drop-in files.

Signed-off-by: Jean-Francois Roy &lt;jeroy@nvidia.com&gt;
diff --git a/internal/ldconfig/ldconfig.go b/internal/ldconfig/ldconfig.go
@@ -37,6 +37,15 @@ const (
 	// higher precedence than other libraries on the system, but lower than
 	// the 00-cuda-compat that is included in some containers.
 	ldsoconfdFilenamePattern = "00-nvcr-*.conf"
+	// defaultTopLevelLdsoconfFilePath is the standard location of the top-level ld.so.conf file.
+	// Most container images based on a distro will have this file, but distroless container images
+	// may not.
+	defaultTopLevelLdsoconfFilePath = "/etc/ld.so.conf"
+	// defaultLdsoconfdDir is the standard location for the ld.so.conf.d drop-in directory. Most
+	// container images based on a distro will have this directory included by the top-level
+	// ld.so.conf file, but some may not. And some container images may not have a top-level
+	// ld.so.conf file at all.
+	defaultLdsoconfdDir = "/etc/ld.so.conf.d"
 )
 
 type Ldconfig struct {
@@ -122,20 +131,22 @@ func (l *Ldconfig) UpdateLDCache() error {
 
 	// Explicitly specify using /etc/ld.so.conf since the host's ldconfig may
 	// be configured to use a different config file by default.
-	const topLevelLdsoconfFilePath = "/etc/ld.so.conf"
-	filteredDirectories, err := l.filterDirectories(topLevelLdsoconfFilePath, l.directories...)
+	filteredDirectories, err := l.filterDirectories(defaultTopLevelLdsoconfFilePath, l.directories...)
 	if err != nil {
 		return err
 	}
 
 	args := []string{
 		filepath.Base(ldconfigPath),
-		"-f", topLevelLdsoconfFilePath,
+		"-f", defaultTopLevelLdsoconfFilePath,
 		"-C", "/etc/ld.so.cache",
 	}
 
-	if err := createLdsoconfdFile(ldsoconfdFilenamePattern, filteredDirectories...); err != nil {
-		return fmt.Errorf("failed to update ld.so.conf.d: %w", err)
+	if err := ensureLdsoconfFile(defaultTopLevelLdsoconfFilePath, defaultLdsoconfdDir); err != nil {
+		return fmt.Errorf("failed to ensure ld.so.conf file: %w", err)
+	}
+	if err := createLdsoconfdFile(defaultLdsoconfdDir, ldsoconfdFilenamePattern, filteredDirectories...); err != nil {
+		return fmt.Errorf("failed to create ld.so.conf.d drop-in file: %w", err)
 	}
 
 	// In most cases, the hook will be executing a host ldconfig that may be configured widely
@@ -144,8 +155,8 @@ func (l *Ldconfig) UpdateLDCache() error {
 	// (e.g. /usr/lib/glibc). To avoid all these cases, append the container's expected system
 	// search paths to the top-level ld.so.conf. This will ensure they get scanned but won't
 	// materially change the scan order.
-	if err := appendSystemSearchPathsToLdsoconf(topLevelLdsoconfFilePath, l.getSystemSearchPaths()...); err != nil {
-		return fmt.Errorf("failed to append system search paths to %s: %w", topLevelLdsoconfFilePath, err)
+	if err := appendSystemSearchPathsToLdsoconf(defaultTopLevelLdsoconfFilePath, l.getSystemSearchPaths()...); err != nil {
+		return fmt.Errorf("failed to append system search paths to %s: %w", defaultTopLevelLdsoconfFilePath, err)
 	}
 
 	return SafeExec(ldconfigPath, args, nil)
@@ -191,19 +202,15 @@ func (l *Ldconfig) filterDirectories(configFilePath string, directories ...strin
 	return filtered, nil
 }
 
-// createLdsoconfdFile creates a file at /etc/ld.so.conf.d/.
-// The file is created at /etc/ld.so.conf.d/{{ .pattern }} using `CreateTemp` and
-// contains the specified directories on each line.
-func createLdsoconfdFile(pattern string, dirs ...string) error {
+// createLdsoconfdFile creates a ld.so.conf.d drop-in file with the specified directories on each
+// line. The file is created at `ldsoconfdDir`/{{ .pattern }} using `CreateTemp`.
+func createLdsoconfdFile(ldsoconfdDir, pattern string, dirs ...string) error {
 	if len(dirs) == 0 {
 		return nil
 	}
-
-	ldsoconfdDir := "/etc/ld.so.conf.d"
 	if err := os.MkdirAll(ldsoconfdDir, 0755); err != nil {
 		return fmt.Errorf("failed to create ld.so.conf.d: %w", err)
 	}
-
 	configFile, err := os.CreateTemp(ldsoconfdDir, pattern)
 	if err != nil {
 		return fmt.Errorf("failed to create config file: %w", err)
@@ -217,7 +224,7 @@ func createLdsoconfdFile(pattern string, dirs ...string) error {
 		if added[dir] {
 			continue
 		}
-		_, err = fmt.Fprintf(configFile, "%s\n", dir)
+		_, err := fmt.Fprintf(configFile, "%s\n", dir)
 		if err != nil {
 			return fmt.Errorf("failed to update config file: %w", err)
 		}
@@ -250,6 +257,19 @@ func appendSystemSearchPathsToLdsoconf(configFilePath string, dirs ...string) er
 	return nil
 }
 
+// ensureLdsoconfFile creates a "standard" top-level ld.so.conf file if none exists.
+//
+// The created file will contain a single include statement for "`ldsoconfdDir`/*.conf".
+func ensureLdsoconfFile(topLevelLdsoconfFilePath, ldsoconfdDir string) error {
+	configFile, err := os.OpenFile(topLevelLdsoconfFilePath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644)
+	if err != nil && !os.IsExist(err) {
+		return fmt.Errorf("failed to create top-level ld.so.conf file: %w", err)
+	}
+	defer configFile.Close()
+	configFile.WriteString("include " + ldsoconfdDir + "/*.conf\n")
+	return nil
+}
+
 // getLdsoconfDirectories returns a map of ldsoconf directories to the conf
 // files that refer to the directory.
 func (l *Ldconfig) getLdsoconfDirectories(configFilePath string) (map[string]struct{}, error) {
diff --git a/internal/ldconfig/ldconfig_test.go b/internal/ldconfig/ldconfig_test.go
@@ -194,3 +194,124 @@ func TestAppendSystemSearchPathsToLdsoconf(t *testing.T) {
 		})
 	}
 }
+
+func TestCreateLdsoconfdFile(t *testing.T) {
+	testCases := []struct {
+		description     string
+		pattern         string
+		dirs            []string
+		expectedContent []string
+	}{
+		{
+			description:     "empty directories",
+			pattern:         "test-*.conf",
+			dirs:            []string{},
+			expectedContent: nil,
+		},
+		{
+			description: "single directory",
+			pattern:     "test-*.conf",
+			dirs:        []string{"/usr/local/lib"},
+			expectedContent: []string{
+				"/usr/local/lib",
+			},
+		},
+		{
+			description: "multiple directories",
+			pattern:     "test-*.conf",
+			dirs:        []string{"/usr/local/lib", "/opt/lib", "/usr/lib64"},
+			expectedContent: []string{
+				"/usr/local/lib",
+				"/opt/lib",
+				"/usr/lib64",
+			},
+		},
+		{
+			description: "duplicate directories",
+			pattern:     "test-*.conf",
+			dirs:        []string{"/usr/local/lib", "/opt/lib", "/usr/local/lib"},
+			expectedContent: []string{
+				"/usr/local/lib",
+				"/opt/lib",
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.description, func(t *testing.T) {
+			tmpDir := t.TempDir()
+
+			err := createLdsoconfdFile(tmpDir, tc.pattern, tc.dirs...)
+			require.NoError(t, err)
+
+			if len(tc.expectedContent) == 0 {
+				entries, err := os.ReadDir(tmpDir)
+				require.NoError(t, err)
+				require.Empty(t, entries)
+				return
+			}
+
+			entries, err := os.ReadDir(tmpDir)
+			require.NoError(t, err)
+			require.Len(t, entries, 1)
+			createdFile := filepath.Join(tmpDir, entries[0].Name())
+
+			info, err := os.Stat(createdFile)
+			require.NoError(t, err)
+			require.Equal(t, os.FileMode(0644), info.Mode().Perm())
+
+			content, err := os.ReadFile(createdFile)
+			require.NoError(t, err)
+			lines := strings.Split(strings.TrimSpace(string(content)), "\n")
+			require.Equal(t, tc.expectedContent, lines)
+		})
+	}
+}
+
+func TestEnsureLdsoconfFile(t *testing.T) {
+	testCases := []struct {
+		description     string
+		existingContent string
+		ldsoconfdDir    string
+		expectCreation  bool
+		expectedContent string
+	}{
+		{
+			description:     "creates file when none exists",
+			existingContent: "",
+			ldsoconfdDir:    "/custom/ld.so.conf.d",
+			expectCreation:  true,
+			expectedContent: "include /custom/ld.so.conf.d/*.conf\n",
+		},
+		{
+			description:     "does not modify existing file",
+			existingContent: "# custom config\n/usr/local/lib\n",
+			ldsoconfdDir:    "/etc/ld.so.conf.d",
+			expectCreation:  false,
+			expectedContent: "# custom config\n/usr/local/lib\n",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.description, func(t *testing.T) {
+			tmpDir := t.TempDir()
+			confFilePath := filepath.Join(tmpDir, "ld.so.conf")
+
+			if tc.existingContent != "" {
+				err := os.WriteFile(confFilePath, []byte(tc.existingContent), 0644)
+				require.NoError(t, err)
+			}
+
+			err := ensureLdsoconfFile(confFilePath, tc.ldsoconfdDir)
+			require.NoError(t, err)
+
+			info, err := os.Stat(confFilePath)
+			require.NoError(t, err)
+			require.Equal(t, os.FileMode(0644), info.Mode().Perm())
+
+			content, err := os.ReadFile(confFilePath)
+			require.NoError(t, err)
+			require.Equal(t, tc.expectedContent, string(content))
+		})
+	}
+}
