author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-09-22 19:03:15 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-22 19:03:15 +0200 |
commit | 08993516a939576fa009db6e7ed32524026a822d (patch) | |
tree | 05fd47ec0708f53e095004af48b853cd41316d57 /pkg | |
parent | 8bf3535447fe9f482b329e962e173ade26456e6d (diff) | |
parent | 5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08 (diff) | |
Merge pull request #15895 from dcermak/don-expose-dev-for-privileged
Don't mount /dev/ inside privileged containers running systemd
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/util/utils_freebsd.go | 2 | ||||
-rw-r--r-- | pkg/util/utils_linux.go | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go
index 9b0d7c8c7..ba91308af 100644
--- a/pkg/util/utils_freebsd.go
+++ b/pkg/util/utils_freebsd.go
@@ -13,6 +13,6 @@ func GetContainerPidInformationDescriptors() ([]string, error) {
 return []string{}, errors.New("this function is not supported on freebsd")
 }
 
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
 return nil
 }
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index 7b2d98666..07927db1c 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -70,7 +70,7 @@ func FindDeviceNodes() (map[string]string, error) {
 return nodes, nil
 }
 
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
 hostDevices, err := getDevices("/dev")
 if err != nil {
 return err
@@ -104,6 +104,9 @@ func AddPrivilegedDevices(g *generate.Generator) error {
 }
 } else {
 for _, d := range hostDevices {
+ if systemdMode && strings.HasPrefix(d.Path, "/dev/tty") {
+ continue
+ }
 g.AddDevice(d)
 }
 // Add resources device - need to clear the existing one first. |
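Review bot: `AddPrivilegedDevices` is exported and its new `systemdMode` parameter is undocumented at the changed signature in utils_linux.go; the FreeBSD stub in utils_freebsd.go takes the same parameter and ignores it. A doc comment would tell callers what the flag changes, for example `// AddPrivilegedDevices adds the host's /dev nodes to g; with systemdMode set, /dev/tty* nodes are skipped.` The function body continues outside this hunk, so the wording should be checked against the branch that is not shown.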
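Review bot: The added skip `strings.HasPrefix(d.Path, "/dev/tty")` in the `for _, d := range hostDevices` loop carries no comment, and the prefix is broader than the virtual consoles: it also drops `/dev/tty` itself and serial or USB adapters such as `/dev/ttyS0` and `/dev/ttyUSB0`. If only the consoles that systemd would otherwise claim are meant, say so in a comment such as `// systemd mode: keep host /dev/tty* nodes out of the container`, or narrow the match. The filter sits only in this `else` branch; the `if` branch before it lies outside the hunk, so whether that path also leaves tty nodes out cannot be checked from here. The commit title speaks of `/dev/` as a whole while the code excludes only `/dev/tty*`.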