daemon: Enable CDI by default

CDI will now be enabled by default unless opted-out by setting `cdi` feature to `false`. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-01-11 18:51:37 +00:00 · 2025-05-13 10:59:39 +02:00
parent 5919ab26f0
commit 4cecce03f6
3 changed files with 44 additions and 21 deletions
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -251,7 +251,7 @@ func (cli *daemonCLI) start(ctx context.Context) (err error) {
 	// In order to lift this restriction the following would have to be addressed:
 	// - Support needs to be added to the cdi package for injecting Windows devices: https://tags.cncf.io/container-device-interface/issues/28
 	// - The DeviceRequests API must be extended to non-linux platforms.
-	if runtime.GOOS == "linux" && cli.Config.Features["cdi"] {
+	if cdiEnabled(cli.Config) {
 		daemon.RegisterCDIDriver(cli.Config.CDISpecDirs...)
 	}

@@ -398,12 +398,13 @@ func initBuildkit(ctx context.Context, d *daemon.Daemon) (_ builderOptions, clos
 		return builderOptions{}, closeFn, err
 	}

+	cfg := d.Config()
+
 	var cdiSpecDirs []string
-	if d.Features()["cdi"] {
-		cdiSpecDirs = d.Config().CDISpecDirs
+	if cdiEnabled(&cfg) {
+		cdiSpecDirs = cfg.CDISpecDirs
 	}

-	cfg := d.Config()
 	bk, err := buildkit.New(ctx, buildkit.Opt{
 		SessionManager:      sm,
 		Root:                filepath.Join(cfg.Root, "buildkit"),
@@ -652,8 +653,9 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 		// If CDISpecDirs is set to an empty string, we clear it to ensure that CDI is disabled.
 		conf.CDISpecDirs = nil
 	}
-	if !conf.Features["cdi"] {
-		// If the CDI feature is not enabled, we clear the CDISpecDirs to ensure that CDI is disabled.
+	// Only clear CDISpecDirs if CDI is explicitly disabled
+	if val, exists := conf.Features["cdi"]; exists && !val {
+		// If the CDI feature is explicitly disabled, we clear the CDISpecDirs to ensure that CDI is disabled.
 		conf.CDISpecDirs = nil
 	}

@@ -1050,3 +1052,16 @@ func (cli *daemonCLI) initializeContainerd(ctx context.Context) (func(time.Durat
 	// Try to wait for containerd to shutdown
 	return r.WaitTimeout, nil
 }
+
+// cdiEnabled returns true if CDI feature wasn't explicitly disabled via
+// features.
+func cdiEnabled(conf *config.Config) bool {
+	if runtime.GOOS != "linux" {
+		return false
+	}
+	val, ok := conf.Features["cdi"]
+	if !ok {
+		return true
+	}
+	return val
+}
--- a/cmd/dockerd/daemon_test.go
+++ b/cmd/dockerd/daemon_test.go
@@ -220,7 +220,12 @@ func TestCDISpecDirs(t *testing.T) {
 		expectedCDISpecDirs []string
 	}{
 		{
-			description:         "CDI enabled and no spec dirs specified returns default",
+			description:         "CDI enabled by default",
+			specDirs:            nil,
+			expectedCDISpecDirs: []string{"/etc/cdi", "/var/run/cdi"},
+		},
+		{
+			description:         "CDI explicitly enabled and no spec dirs specified returns default",
 			specDirs:            nil,
 			configContent:       `{"features": {"cdi": true}}`,
 			expectedCDISpecDirs: []string{"/etc/cdi", "/var/run/cdi"},
@@ -245,11 +250,13 @@ func TestCDISpecDirs(t *testing.T) {
 		{
 			description:         "CDI disabled and no spec dirs specified returns no cdi spec dirs",
 			specDirs:            nil,
+			configContent:       `{"features": {"cdi": false}}`,
 			expectedCDISpecDirs: nil,
 		},
 		{
 			description:         "CDI disabled and specified spec dirs returns no cdi spec dirs",
 			specDirs:            []string{"/foo/bar", "/baz/qux"},
+			configContent:       `{"features": {"cdi": false}}`,
 			expectedCDISpecDirs: nil,
 		},
 	}