authorGiuseppe Scrivano <giuseppe@scrivano.org>2019-09-01 00:30:55 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-09-02 13:03:20 +0200
commitb101a8d3664f054157a9e3f08a6bf8db0144041c (patch)
tree3765b1f09f540a000eac05951e95a4c244fd0d0b
parentba1c57030f10ece60678a848e04375e4cd2c843d (diff)
spec: do not set devices cgroup when rootless
eBPF requires being root in the init namespace. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
-rw-r--r--pkg/spec/config_linux.go7
1 files changed, 4 insertions, 3 deletions
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go
index dea9b393c..9636d7a11 100644
--- a/pkg/spec/config_linux.go
+++ b/pkg/spec/config_linux.go
@@ -173,15 +173,16 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error {
newMounts = append(newMounts, devMnt)
}
g.Config.Mounts = append(newMounts, g.Config.Mounts...)
+ g.Config.Linux.Resources.Devices = nil
} else {
for _, d := range hostDevices {
g.AddDevice(Device(d))
}
+ // Add resources device - need to clear the existing one first.
+ g.Config.Linux.Resources.Devices = nil
+ g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
}
- // Add resources device - need to clear the existing one first.
- g.Config.Linux.Resources.Devices = nil
- g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
return nil
}
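Review bot: The new `g.Config.Linux.Resources.Devices = nil` in the first branch carries no comment, so the reason it skips the devices cgroup (per the commit message, eBPF needs root in the init namespace) is recorded only in the commit log. I would add above it something like `// Rootless: leave the devices cgroup unset; the eBPF device filter can only be installed by root in the init namespace.` It is also worth stating there that in this branch no device-cgroup rule is emitted at all, so device access is presumably bounded only by the bind-mounted /dev entries and host file permissions; the branch condition sits outside the hunk, so confirm it is the rootless check. The else branch keeps the allow-all `rwm` rule, which is the intended privileged behaviour but would benefit from the same explicit wording. addPrivilegedDevices starts before the hunk.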