authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-12-16 15:15:49 +0100
committerGitHub <noreply@github.com>2021-12-16 15:15:49 +0100
commitd1c91c128ea32dae3e9c56c657ea57dfed9f6ad4 (patch)
tree49d510d1e2c069766633367204e97c0475097abf /pkg/specgen/generate/oci.go
parent91e55e263e860af24f176c5e62405a54ef7356de (diff)
parent4243ca93a42c3ed977662c570302be8a7dc5c5ca (diff)
Merge pull request #12618 from giuseppe/dev-cgroup-add-default-devices
oci: configure the devices cgroup with default devices
Diffstat (limited to 'pkg/specgen/generate/oci.go')
-rw-r--r--pkg/specgen/generate/oci.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 9f8807915..efac53104 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -325,8 +325,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
s.HostDeviceList = s.Devices
- for _, dev := range s.DeviceCGroupRule {
- g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+ // set the devices cgroup when not running in a user namespace
+ if !inUserNS && !s.Privileged {
+ g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
+ for _, dev := range s.DeviceCGroupRule {
+ g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+ }
}
for k, v := range s.WeightDevice {
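Review bot: Rules in `s.DeviceCGroupRule` are now skipped without any signal when `inUserNS` or `s.Privileged` is true, and the comment above the `if` mentions only the user-namespace case. A caller who passes device cgroup rules for a rootless or privileged container gets a device policy that differs from what was requested, so I would log a warning when rules are present but not applied, and widen the comment to `// set the devices cgroup (deny all, then allow the requested rules) unless running in a user namespace or privileged`. The wildcard deny `g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")` is appended at this point in the list; if allow entries were added earlier in SpecGenToOCI (not visible in this hunk), it is worth confirming how the runtime orders them against the deny-all. The function body starts and ends outside the hunk.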