diff options
| -rw-r--r-- | cmd/podman/containers/kill.go | 9 | ||||
| -rw-r--r-- | pkg/specgen/generate/oci.go | 8 | ||||
| -rw-r--r-- | test/e2e/run_device_test.go | 7 | ||||
| -rw-r--r-- | test/system/130-kill.bats | 14 |
4 files changed, 33 insertions, 5 deletions
diff --git a/cmd/podman/containers/kill.go b/cmd/podman/containers/kill.go index 449484449..fe4083df8 100644 --- a/cmd/podman/containers/kill.go +++ b/cmd/podman/containers/kill.go @@ -108,10 +108,13 @@ func kill(_ *cobra.Command, args []string) error { return err } for _, r := range responses { - if r.Err == nil { - fmt.Println(r.RawInput) - } else { + switch { + case r.Err != nil: errs = append(errs, r.Err) + case r.RawInput != "": + fmt.Println(r.RawInput) + default: + fmt.Println(r.Id) } } return errs.PrintErrors() diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 9f8807915..efac53104 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -325,8 +325,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt } s.HostDeviceList = s.Devices - for _, dev := range s.DeviceCGroupRule { - g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) + // set the devices cgroup when not running in a user namespace + if !inUserNS && !s.Privileged { + g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm") + for _, dev := range s.DeviceCGroupRule { + g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) + } } for k, v := range s.WeightDevice { diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 08905aed2..fbf1eb791 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -119,4 +119,11 @@ var _ = Describe("Podman run device", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("podman run cannot access non default devices", func() { + session := podmanTest.Podman([]string{"run", "-v /dev:/dev-host", ALPINE, "head", "-1", "/dev-host/kmsg"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + }) + }) diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats index 1ff3a7b61..a9456e03c 100644 --- a/test/system/130-kill.bats +++ b/test/system/130-kill.bats @@ -116,4 +116,18 @@ load helpers is "$output" "Error: valid signals are 1 through 64" "podman create" } +@test "podman kill - print IDs or raw input" { + # kill -a must print the IDs + run_podman run --rm -d $IMAGE top + ctrID="$output" + run_podman kill -a + is "$output" "$ctrID" + + # kill $input must print $input + cname=$(random_string) + run_podman run --rm -d --name $cname $IMAGE top + run_podman kill $cname + is "$output" $cname +} + # vim: filetype=sh |