aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-09-22 19:03:15 +0200
committerGitHub <noreply@github.com>2022-09-22 19:03:15 +0200
commit08993516a939576fa009db6e7ed32524026a822d (patch)
tree05fd47ec0708f53e095004af48b853cd41316d57 /pkg
parent8bf3535447fe9f482b329e962e173ade26456e6d (diff)
parent5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08 (diff)
downloadpodman-08993516a939576fa009db6e7ed32524026a822d.tar.gz
podman-08993516a939576fa009db6e7ed32524026a822d.tar.bz2
podman-08993516a939576fa009db6e7ed32524026a822d.zip
Merge pull request #15895 from dcermak/don-expose-dev-for-privileged
Don't mount /dev/ inside privileged containers running systemd
Diffstat (limited to 'pkg')
-rw-r--r--pkg/util/utils_freebsd.go2
-rw-r--r--pkg/util/utils_linux.go5
2 files changed, 5 insertions, 2 deletions
diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go
index 9b0d7c8c7..ba91308af 100644
--- a/pkg/util/utils_freebsd.go
+++ b/pkg/util/utils_freebsd.go
@@ -13,6 +13,6 @@ func GetContainerPidInformationDescriptors() ([]string, error) {
return []string{}, errors.New("this function is not supported on freebsd")
}
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
return nil
}
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index 7b2d98666..07927db1c 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -70,7 +70,7 @@ func FindDeviceNodes() (map[string]string, error) {
return nodes, nil
}
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
hostDevices, err := getDevices("/dev")
if err != nil {
return err
@@ -104,6 +104,9 @@ func AddPrivilegedDevices(g *generate.Generator) error {
}
} else {
for _, d := range hostDevices {
+ if systemdMode && strings.HasPrefix(d.Path, "/dev/tty") {
+ continue
+ }
g.AddDevice(d)
}
// Add resources device - need to clear the existing one first.