Don't mount /dev/tty* inside privileged containers running systemd - containers/podman.git - forked from: https://github.com/containers/podman.git

diff options

author	Dan Čermák <dcermak@suse.com>	2022-09-21 23:09:10 +0200
committer	Dan Čermák <dcermak@suse.com>	2022-09-22 16:44:26 +0200
commit	5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08 (patch)
tree	75d118cca1ec243b737e883651bbb6229e41722f /vendor/github.com/docker/docker-credential-helpers/client/command.go
parent	828fae12971c5a7b9807c8c4f8e029fe5d0ddc2f (diff)
download	podman-5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08.tar.gz podman-5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08.tar.bz2 podman-5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08.zip

Don't mount /dev/tty* inside privileged containers running systemd

According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take control over /dev/ttyN if exported, which can cause conflicts with the host's tty in privileged containers. Thus we will not expose these to privileged containers in systemd mode, as this is a bad idea according to systemd's maintainers. Additionally, this commit adds a bats regression test to check that no /dev/ttyN are present in a privileged container in systemd mode This fixes https://github.com/containers/podman/issues/15878 Signed-off-by: Dan Čermák <dcermak@suse.com>

Diffstat (limited to 'vendor/github.com/docker/docker-credential-helpers/client/command.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: