diff options
| -rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 30 | ||||
| -rw-r--r-- | cmd/podman/containers/kill.go | 9 | ||||
| -rw-r--r-- | pkg/specgen/generate/oci.go | 8 | ||||
| -rw-r--r-- | test/e2e/run_device_test.go | 7 | ||||
| -rw-r--r-- | test/system/130-kill.bats | 14 |
5 files changed, 33 insertions, 35 deletions
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f5f0b21be..16ec09357 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -9,33 +9,3 @@ Finally, be sure to sign commits with your real name. Since by opening a PR you already have commits, you can add signatures if needed with something like `git commit -s --amend`. --> - -#### What this PR does / why we need it: - -<!--- -Please put your overall PR description here ---> - -#### How to verify it - -<!--- -Please specify the precise conditions and/or the specific test(s) which must pass. ---> - -#### Which issue(s) this PR fixes: - -<!-- -Please uncomment this block and include only one of the following on a -line by itself: - -None - --OR- - -Fixes #<issue number> - -*** Please also put 'Fixes #' in the commit and PR description*** - ---> - -#### Special notes for your reviewer: diff --git a/cmd/podman/containers/kill.go b/cmd/podman/containers/kill.go index 449484449..fe4083df8 100644 --- a/cmd/podman/containers/kill.go +++ b/cmd/podman/containers/kill.go @@ -108,10 +108,13 @@ func kill(_ *cobra.Command, args []string) error { return err } for _, r := range responses { - if r.Err == nil { - fmt.Println(r.RawInput) - } else { + switch { + case r.Err != nil: errs = append(errs, r.Err) + case r.RawInput != "": + fmt.Println(r.RawInput) + default: + fmt.Println(r.Id) } } return errs.PrintErrors() diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 9f8807915..efac53104 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -325,8 +325,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt } s.HostDeviceList = s.Devices - for _, dev := range s.DeviceCGroupRule { - g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) + // set the devices cgroup when not running in a user namespace + if !inUserNS && !s.Privileged { + g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm") + for _, dev := range s.DeviceCGroupRule { + g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) + } } for k, v := range s.WeightDevice { diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 08905aed2..fbf1eb791 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -119,4 +119,11 @@ var _ = Describe("Podman run device", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("podman run cannot access non default devices", func() { + session := podmanTest.Podman([]string{"run", "-v /dev:/dev-host", ALPINE, "head", "-1", "/dev-host/kmsg"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + }) + }) diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats index 1ff3a7b61..a9456e03c 100644 --- a/test/system/130-kill.bats +++ b/test/system/130-kill.bats @@ -116,4 +116,18 @@ load helpers is "$output" "Error: valid signals are 1 through 64" "podman create" } +@test "podman kill - print IDs or raw input" { + # kill -a must print the IDs + run_podman run --rm -d $IMAGE top + ctrID="$output" + run_podman kill -a + is "$output" "$ctrID" + + # kill $input must print $input + cname=$(random_string) + run_podman run --rm -d --name $cname $IMAGE top + run_podman kill $cname + is "$output" $cname +} + # vim: filetype=sh |