author Daniel J Walsh <dwalsh@redhat.com> 2019-12-03 03:36:16 +0100
committer Daniel J Walsh <dwalsh@redhat.com> 2019-12-03 03:38:41 +0100
commit 8cb1af9afc84e1cdcf39fc93f0eee75cc2ec1c74
tree fb27675c6b7c2ff0f742b1180f6fb2c72c31ee26 /rootless.md
parent 711728672f93d20d4aaf084e49db5e282fece952
Add comment on rootless containers creating device nodes
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'rootless.md')
-rw-r--r-- rootless.md 2
1 files changed, 2 insertions, 0 deletions
diff --git a/rootless.md b/rootless.md
index 4fb3c7deb..69de6db21 100644
--- a/rootless.md
+++ b/rootless.md
@@ -42,3 +42,5 @@ can easily fail
* Pause and Unpause (Works with cgroup V2 support)
* Issues with higher UIDs can cause builds to fail
* If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image.
+* Making device nodes within a container fails, even when running --privileged.
+ * Kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes. If container needs to create device nodes, it must be run as root.
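Review bot: The parenthetical "(processes without CAP_MKNOD)" in the second added bullet reads oddly next to the first bullet's "even when running --privileged", since a reader will expect --privileged to grant CAP_MKNOD; please spell out where the capability has to be held (on the host, as opposed to only inside the container's user namespace) so the two bullets do not appear to contradict each other. "it must be run as root" is also ambiguous between root inside the container and Podman being run by root on the host; something like "the container must be started by root on the host" would remove the doubt. Minor wording: "The kernel", "non-root", and "If a container needs to create device nodes".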