rootless: create compatible pod infra container

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1372
Approved by: mheon

1 files changed, 15 insertions, 1 deletions

diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 39bd8d07a..fea79e994 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -8,6 +8,7 @@ import (
 	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/rootless"
 	"github.com/cri-o/ocicni/pkg/ocicni"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
 )
 
@@ -25,9 +26,22 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
 		return nil, err
 	}
 
+	isRootless := rootless.IsRootless()
+
 	g.SetRootReadonly(true)
 	g.SetProcessArgs([]string{r.config.InfraCommand})
 
+	if isRootless {
+		g.RemoveMount("/dev/pts")
+		devPts := spec.Mount{
+			Destination: "/dev/pts",
+			Type:        "devpts",
+			Source:      "devpts",
+			Options:     []string{"private", "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
+		}
+		g.AddMount(devPts)
+	}
+
 	containerName := p.ID()[:IDTruncLength] + "-infra"
 	var options []CtrCreateOption
 	options = append(options, r.WithPod(p))
@@ -38,7 +52,7 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
 	// Since user namespace sharing is not implemented, we only need to check if it's rootless
 	portMappings := make([]ocicni.PortMapping, 0)
 	networks := make([]string, 0)
-	options = append(options, WithNetNS(portMappings, rootless.IsRootless(), networks))
+	options = append(options, WithNetNS(portMappings, isRootless, networks))
 
 	return r.newContainer(ctx, g.Config, options...)
 }