diff options
| author | Giuseppe Scrivano <giuseppe@scrivano.org> | 2019-09-01 00:27:29 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-02 13:27:47 +0200 |
| commit | 759ca2cfc66c372dd197b4a2b6cf2b454b497d00 (patch) | |
| tree | e832f04252b2963589fc9e52ca0fbb6eb87ed192 | |
| parent | b101a8d3664f054157a9e3f08a6bf8db0144041c (diff) | |
| download | podman-759ca2cfc66c372dd197b4a2b6cf2b454b497d00.tar.gz podman-759ca2cfc66c372dd197b4a2b6cf2b454b497d00.tar.bz2 podman-759ca2cfc66c372dd197b4a2b6cf2b454b497d00.zip | |
spec: provide custom implementation for getDevices
provide an implementation for getDevices that skip unreadable
directories for the current user.
Based on the implementation from runc/libcontainer.
Closes: https://github.com/containers/libpod/issues/3919
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| -rw-r--r-- | pkg/spec/config_linux.go | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go index 9636d7a11..32d8cb4de 100644 --- a/pkg/spec/config_linux.go +++ b/pkg/spec/config_linux.go @@ -4,6 +4,7 @@ package createconfig import ( "fmt" + "io/ioutil" "os" "path/filepath" "strings" @@ -133,8 +134,53 @@ func addDevice(g *generate.Generator, device string) error { return nil } +// based on getDevices from runc (libcontainer/devices/devices.go) +func getDevices(path string) ([]*configs.Device, error) { + files, err := ioutil.ReadDir(path) + if err != nil { + if rootless.IsRootless() && os.IsPermission(err) { + return nil, nil + } + return nil, err + } + out := []*configs.Device{} + for _, f := range files { + switch { + case f.IsDir(): + switch f.Name() { + // ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825 + case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts": + continue + default: + sub, err := getDevices(filepath.Join(path, f.Name())) + if err != nil { + return nil, err + } + if sub != nil { + out = append(out, sub...) + } + continue + } + case f.Name() == "console": + continue + } + device, err := devices.DeviceFromPath(filepath.Join(path, f.Name()), "rwm") + if err != nil { + if err == devices.ErrNotADevice { + continue + } + if os.IsNotExist(err) { + continue + } + return nil, err + } + out = append(out, device) + } + return out, nil +} + func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { - hostDevices, err := devices.HostDevices() + hostDevices, err := getDevices("/dev") if err != nil { return err } |