Support DeviceCgroupRules to actually get added.

Fixes: https://github.com/containers/podman/issues/10302 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: Daniel J Walsh <dwalsh@redhat.com> 2021-07-09 16:01:35 -0400
committer: Daniel J Walsh <dwalsh@redhat.com> 2021-07-21 16:10:09 -0400
commit: 3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3 (patch)
tree: e8bd1f72e0f4a3fdaf290375e75b31e00bab8d56 /pkg/specgen/generate/oci.go
parent: 6370622444676db812cbc54aef56e691ea7788d0 (diff)
download: podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.tar.gz
podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.tar.bz2
podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index bf8d44ed6..6e310d8a6 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -321,6 +321,10 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		}
 	}
 
+	for _, dev := range s.DeviceCGroupRule {
+		g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+	}
+
 	BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g)
 
 	for name, val := range s.Env {
author	Daniel J Walsh <dwalsh@redhat.com>	2021-07-09 16:01:35 -0400
committer	Daniel J Walsh <dwalsh@redhat.com>	2021-07-21 16:10:09 -0400
commit	3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3 (patch)
tree	e8bd1f72e0f4a3fdaf290375e75b31e00bab8d56 /pkg/specgen/generate/oci.go
parent	6370622444676db812cbc54aef56e691ea7788d0 (diff)
download	podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.tar.gz podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.tar.bz2 podman-3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3.zip