fix: add security ctx for hypervisor init (#278)

Author: Code2Life

internal/utils/compose.go

@@ -351,12 +351,16 @@ func composeHypervisorInitContainer(spec *v1.PodSpec, pool *tfv1.GPUPool) {
 	spec.InitContainers = append(spec.InitContainers, v1.Container{
 		Name:    "init-shm",
 		Image:   pool.Spec.ComponentConfig.Hypervisor.Image,
-		Command: []string{"hypervisor", "mount-shm"},
+		Command: []string{"./hypervisor", "mount-shm"},
+		SecurityContext: &v1.SecurityContext{
+			Privileged: ptr.To(true),
+		},
 		VolumeMounts: []v1.VolumeMount{
 			{
-				Name:      constants.DataVolumeName,
-				ReadOnly:  false,
-				MountPath: constants.TFDataPath,
+				Name:             constants.DataVolumeName,
+				ReadOnly:         false,
+				MountPath:        constants.TFDataPath,
+				MountPropagation: ptr.To(v1.MountPropagationBidirectional),
 			},
 		},
 	})