Why does this seem to work? DRM device query in docker build

If I use the following Dockerfile

FROM ubuntu:24.04 
RUN cat /sys/class/drm/renderD128/device/uevent 2>/dev/null | grep "DRIVER="

And then docker build ., the output correctly shows DRIVER=i915 on my Intel-based laptop w/o discrete GPU, and DRIVER=nvidia on my Intel-based desktop where the default DRI device renderD128 is my Nvidia GPU.

My question is: what causes this to work? Is BuildKit mounting some part of /sys automagically? I simply want to understand the mechanics at play.

I don’t think it needs any magic. /sys is for communicating with the kernel and the kernel is the same in the container and outside the container. You can always see the same hardware from a container, the question is whether you can also use it or not. So it would be the same with Docker. BuildKit doesn’t need Docker, but it still uses runc which is used by Docker as well, through containerd. You can run this command:

runc spec

That will generate a config json. If you open it, you will find this:

		"maskedPaths": [
			"/proc/acpi",
			"/proc/asound",
			"/proc/kcore",
			"/proc/keys",
			"/proc/latency_stats",
			"/proc/timer_list",
			"/proc/timer_stats",
			"/proc/sched_debug",
			"/sys/firmware",
			"/proc/scsi"
		],

Notice /sys/firmware. It had to be masked to hide it from the container, but if you run find /sys and

docker run --rm -it bash find /sys

you will mostly see the same. Except that the firmware is masked.

find /sys/firmware

and

docker run --rm -it bash find /sys/firmware

You can also use the ls -lai command on the host and in a container to list content in the /sys folder. -i will show the inode numbers which would be different in case of different files, but you will see the same.
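An added example, not part of the replies above and not code from runc or Docker: a small Python check that reads an OCI runtime config like the one runc spec generates and reports whether a given container path is masked, read-only or left readable. The maskedPaths list is the one quoted above; the mounts entries, the SAMPLE_SPEC name and the helper functions are assumptions made for illustration.

```python
import json
from pathlib import PurePosixPath

# Constructed sample: maskedPaths copied from the runc spec excerpt on this page;
# the mounts entries are an assumption about what a generated config.json contains.
SAMPLE_SPEC = json.loads("""
{
  "mounts": [
    {"destination": "/proc", "type": "proc", "source": "proc"},
    {"destination": "/sys", "type": "sysfs", "source": "sysfs",
     "options": ["nosuid", "noexec", "nodev", "ro"]}
  ],
  "linux": {
    "maskedPaths": ["/proc/acpi", "/proc/asound", "/proc/kcore", "/proc/keys",
                    "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats",
                    "/proc/sched_debug", "/sys/firmware", "/proc/scsi"]
  }
}
""")


def _covers(prefix, path):
    """True if `path` is `prefix` itself or lies beneath it (no partial-name matches)."""
    p, q = PurePosixPath(prefix), PurePosixPath(path)
    return q == p or p in q.parents


def exposure(spec, path):
    """Classify a container path as 'masked', 'read-only' or 'read-write' per the spec."""
    linux = spec.get("linux", {})
    if any(_covers(m, path) for m in linux.get("maskedPaths", [])):
        return "masked"
    if any(_covers(r, path) for r in linux.get("readonlyPaths", [])):
        return "read-only"
    # The longest matching mount destination decides which mount options apply.
    mounts = [m for m in spec.get("mounts", []) if _covers(m["destination"], path)]
    if not mounts:
        return "read-write"  # no dedicated mount: path belongs to the root filesystem
    best = max(mounts, key=lambda m: len(PurePosixPath(m["destination"]).parts))
    return "read-only" if "ro" in best.get("options", []) else "read-write"


def unmasked(spec, candidates):
    """Return the candidate paths that the spec does not hide from the container."""
    return [p for p in candidates if exposure(spec, p) != "masked"]


if __name__ == "__main__":
    for p in ("/sys/class/drm/renderD128/device/uevent", "/sys/firmware/efi", "/proc/kcore"):
        print(f"{p}: {exposure(SAMPLE_SPEC, p)}")
```

Run against a real config.json by loading it with json.load in place of SAMPLE_SPEC; any /sys path that comes back as anything other than masked is hardware information the container can read.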
