| Property | Value |
|---|---|
| Severity | Warning |
| Category | Correctness |
| Default | Enabled |
| Auto-fix | No |

Description
Detects RUN instructions that install NVIDIA Container Toolkit host-side packages
(nvidia-container-toolkit, nvidia-docker2, libnvidia-container*) inside the
container image via a package manager (apt, apt-get, yum, dnf, microdnf, apk).
These packages are part of the NVIDIA Container Toolkit, which hooks into the
container runtime on the host to expose GPUs to containers. Installing them inside the image does not make the image GPU-enabled, wastes image
layers, and can mask the real requirement: that the host or cluster runtime must have the toolkit configured.
Why this matters
- Wrong layer — the toolkit runs on the host/node, not in the container
- Does not enable GPU access — GPU device injection is handled by the container runtime (e.g., nvidia-container-runtime, CDI), not by packages inside the image
- Bloats the image — the toolkit pulls in host-specific libraries that serve no purpose in the container filesystem
- Hides requirements — a working GPU setup depends on the host runtime configuration, not on image contents
Examples
Violation
No violation
Matched packages
| Package | Description |
|---|---|
| nvidia-container-toolkit | Main toolkit meta-package (CLI, hook, CDI generator) |
| nvidia-docker2 | Legacy wrapper for Docker runtime integration |
| libnvidia-container* | Low-level container GPU library (libnvidia-container1, libnvidia-container-tools, etc.) |
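
A simplified sketch of the check this rule describes, added here as an illustration and not the linter's own implementation: it joins backslash-continued RUN lines and flags the matched packages when they appear in an install command of one of the listed package managers. The sample Dockerfiles and the names `run_instructions` and `find_violations` are constructed for this example; exec-form RUN and heredocs are not handled.

```python
import re

# Package managers and package names are taken from the rule description above.
MANAGERS = {"apt", "apt-get", "yum", "dnf", "microdnf", "apk"}
INSTALL_VERBS = {"install", "add"}  # "add" is apk's install verb
HOST_PKG = re.compile(
    r"^(nvidia-container-toolkit|nvidia-docker2|libnvidia-container[\w.+-]*)(=.*)?$")

def run_instructions(dockerfile):
    """Yield (line_number, shell_command) per RUN, joining backslash continuations."""
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        start, text = i + 1, lines[i].strip()
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        if re.match(r"(?i)^RUN\s", text):
            yield start, text[3:].strip()
        i += 1

def find_violations(dockerfile):
    """Return (line_number, package) for each host-side toolkit package installed."""
    hits = []
    for lineno, cmd in run_instructions(dockerfile):
        # Check each chained shell command on its own so `apt-get update` is ignored.
        for part in re.split(r"&&|\|\||;|\|", cmd):
            words = part.split()
            if not (MANAGERS & set(words) and INSTALL_VERBS & set(words)):
                continue
            hits += [(lineno, w.split("=")[0]) for w in words if HOST_PKG.match(w)]
    return hits

# Constructed sample Dockerfiles (not from the rule's documentation).
VIOLATION = """\
FROM ubuntu:22.04
RUN apt-get update && \\
    apt-get install -y --no-install-recommends \\
        nvidia-container-toolkit libnvidia-container1=1.0.0-1 && \\
    rm -rf /var/lib/apt/lists/*
"""
COMPLIANT = """\
FROM ubuntu:22.04
# GPU access is requested from the host runtime, e.g. `docker run --gpus all`.
RUN apt-get update && apt-get install -y --no-install-recommends python3
"""

if __name__ == "__main__":
    print(find_violations(VIOLATION))
    print(find_violations(COMPLIANT))
```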