fix(bootstrap,sandbox): add Tegra detection logging and extract CDI GID preservation

pimlock · pimlock · commit 5d21ac3c5106 · 2026-04-07T01:28:26.000Z
- Log when Tegra platform is detected and host-files bind mount is added,
  including the kernel version from the Docker daemon.
- Extract CDI GID snapshot logic into `snapshot_cdi_gids()` function that
  only activates when GPU devices are present (/dev/nvidiactl exists).
- Log preserved CDI-injected GIDs when they are restored after initgroups.
- Fix cargo fmt formatting issue in docker.rs.
diff --git a/crates/openshell-bootstrap/src/docker.rs b/crates/openshell-bootstrap/src/docker.rs
@@ -613,8 +613,11 @@ pub async fn ensure_container(
             .as_deref()
             .map_or(false, |k| k.contains("tegra"));
         if is_tegra {
-            const HOST_FILES_DIR: &str =
-                "/etc/nvidia-container-runtime/host-files-for-container.d";
+            const HOST_FILES_DIR: &str = "/etc/nvidia-container-runtime/host-files-for-container.d";
+            tracing::info!(
+                kernel_version = info.kernel_version.as_deref().unwrap_or("unknown"),
+                "Detected Tegra platform, bind-mounting {HOST_FILES_DIR} for CDI spec generation"
+            );
             let mut binds = host_config.binds.take().unwrap_or_default();
             binds.push(format!("{HOST_FILES_DIR}:{HOST_FILES_DIR}:ro"));
             host_config.binds = Some(binds);
diff --git a/crates/openshell-sandbox/src/process.rs b/crates/openshell-sandbox/src/process.rs
@@ -414,26 +414,22 @@ pub fn drop_privileges(policy: &SandboxPolicy) -> Result<()> {
             target_os = "redox"
         )))]
         {
-            // Snapshot the container-level supplemental GIDs (e.g. injected by
-            // CDI for GPU device access) before initgroups replaces them.
-            // Exclude GID 0 (root) to avoid inadvertent privilege retention.
-            let root_gid = nix::unistd::Gid::from_raw(0);
-            let container_gids: Vec<nix::unistd::Gid> = nix::unistd::getgroups()
-                .unwrap_or_default()
-                .into_iter()
-                .filter(|&g| g != root_gid)
-                .collect();
+            let cdi_gids = snapshot_cdi_gids();
             nix::unistd::initgroups(user_cstr.as_c_str(), group.gid).into_diagnostic()?;
-            // Merge back any CDI-injected GIDs that initgroups dropped so that
-            // exec'd processes retain access to GPU devices (e.g. /dev/nvmap on
-            // Tegra requires the video GID).
-            let mut merged: Vec<nix::unistd::Gid> = nix::unistd::getgroups().unwrap_or_default();
-            for gid in container_gids {
-                if !merged.contains(&gid) {
-                    merged.push(gid);
+            if !cdi_gids.is_empty() {
+                let mut merged: Vec<nix::unistd::Gid> =
+                    nix::unistd::getgroups().unwrap_or_default();
+                for gid in &cdi_gids {
+                    if !merged.contains(gid) {
+                        merged.push(*gid);
+                    }
                 }
+                tracing::info!(
+                    gids = ?cdi_gids.iter().map(|g| g.as_raw()).collect::<Vec<_>>(),
+                    "Preserving CDI-injected supplementary GIDs across initgroups"
+                );
+                nix::unistd::setgroups(&merged).into_diagnostic()?;
             }
-            nix::unistd::setgroups(&merged).into_diagnostic()?;
         }
     }
 
@@ -477,6 +473,30 @@ pub fn drop_privileges(policy: &SandboxPolicy) -> Result<()> {
     Ok(())
 }
 
+/// Snapshot supplementary GIDs injected by the container runtime (e.g. via CDI
+/// `additionalGids`) before `initgroups` replaces them.
+///
+/// Only captures GIDs when GPU devices are present — on non-GPU sandboxes the
+/// runtime won't inject device-access GIDs so there is nothing to preserve.
+/// GID 0 (root) is always excluded to avoid inadvertent privilege retention.
+#[cfg(not(any(
+    target_os = "macos",
+    target_os = "ios",
+    target_os = "haiku",
+    target_os = "redox"
+)))]
+fn snapshot_cdi_gids() -> Vec<nix::unistd::Gid> {
+    if !std::path::Path::new("/dev/nvidiactl").exists() {
+        return Vec::new();
+    }
+    let root_gid = nix::unistd::Gid::from_raw(0);
+    nix::unistd::getgroups()
+        .unwrap_or_default()
+        .into_iter()
+        .filter(|&g| g != root_gid)
+        .collect()
+}
+
 /// Process exit status.
 #[derive(Debug, Clone, Copy)]
 pub struct ProcessStatus {
