author | Giuseppe Scrivano <giuseppe@scrivano.org> | 2019-09-01 00:30:55 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-02 13:03:20 +0200 |
commit | b101a8d3664f054157a9e3f08a6bf8db0144041c (patch) | |
tree | 3765b1f09f540a000eac05951e95a4c244fd0d0b | |
parent | ba1c57030f10ece60678a848e04375e4cd2c843d (diff) | |
spec: do not set devices cgroup when rootless
eBPF requires to be root in the init namespace.
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
-rw-r--r-- | pkg/spec/config_linux.go | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go
index dea9b393c..9636d7a11 100644
--- a/pkg/spec/config_linux.go
+++ b/pkg/spec/config_linux.go
@@ -173,15 +173,16 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error {
 newMounts = append(newMounts, devMnt)
 }
 g.Config.Mounts = append(newMounts, g.Config.Mounts...)
+ g.Config.Linux.Resources.Devices = nil
 } else {
 for _, d := range hostDevices {
 g.AddDevice(Device(d))
 }
+ // Add resources device - need to clear the existing one first.
+ g.Config.Linux.Resources.Devices = nil
+ g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
 }
- // Add resources device - need to clear the existing one first.
- g.Config.Linux.Resources.Devices = nil
- g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
 return nil
 }
|
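Review bot: The `g.Config.Linux.Resources.Devices = nil` added at the end of the first branch has no comment, so a reader cannot tell that leaving the spec without any device cgroup rule there is deliberate rather than a forgotten `AddLinuxResourcesDevice` call. The branch condition and the start of `addPrivilegedDevices` are outside the hunk; going by the commit message this is presumably the rootless path, so I would add above the assignment `// Rootless: the devices cgroup cannot be set (eBPF needs root in the init namespace), so emit no device rules here.` It is also worth stating in that comment that device access in this branch is then bounded only by what gets mounted under /dev and by the invoking user's host permissions, if that is the intended model. As a style point, both branches now clear the list, so the assignment could stay once ahead of the `if` with only `g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")` left conditional.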