8 files changed, 56 insertions, 14 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 355fbc368..532a2094f 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -4,9 +4,9 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/rootless"
-	"github.com/containers/podman/v4/pkg/util"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index e4c149abf..689c740f0 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -16,6 +16,7 @@ import (
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/parse"
 	"github.com/containers/common/pkg/secrets"
+	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v4/libpod/define"
 	ann "github.com/containers/podman/v4/pkg/annotations"
@@ -356,7 +357,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 			// a selinux mount option exists for it
 			for k, v := range opts.Annotations {
 				// Make sure the z/Z option is not already there (from editing the YAML)
-				if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !util.StringInSlice("z", options) && !util.StringInSlice("Z", options) {
+				if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !cutil.StringInSlice("z", options) && !cutil.StringInSlice("Z", options) {
 					options = append(options, v)
 				}
 			}
@@ -381,6 +382,22 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
 				Options: options,
 			}
 			s.Volumes = append(s.Volumes, &cmVolume)
+		case KubeVolumeTypeCharDevice:
+			// We are setting the path as hostPath:mountPath to comply with pkg/specgen/generate.DeviceFromPath.
+			// The type is here just to improve readability as it is not taken into account when the actual device is created.
+			device := spec.LinuxDevice{
+				Path: fmt.Sprintf("%s:%s", volumeSource.Source, volume.MountPath),
+				Type: "c",
+			}
+			s.Devices = append(s.Devices, device)
+		case KubeVolumeTypeBlockDevice:
+			// We are setting the path as hostPath:mountPath to comply with pkg/specgen/generate.DeviceFromPath.
+			// The type is here just to improve readability as it is not taken into account when the actual device is created.
+			device := spec.LinuxDevice{
+				Path: fmt.Sprintf("%s:%s", volumeSource.Source, volume.MountPath),
+				Type: "b",
+			}
+			s.Devices = append(s.Devices, device)
 		default:
 			return nil, errors.Errorf("Unsupported volume source type")
 		}
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index 27881e77a..1d6d49b9d 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -22,8 +22,10 @@ type KubeVolumeType int
 
 const (
 	KubeVolumeTypeBindMount KubeVolumeType = iota
-	KubeVolumeTypeNamed     KubeVolumeType = iota
-	KubeVolumeTypeConfigMap KubeVolumeType = iota
+	KubeVolumeTypeNamed
+	KubeVolumeTypeConfigMap
+	KubeVolumeTypeBlockDevice
+	KubeVolumeTypeCharDevice
 )
 
 //nolint:revive
@@ -78,7 +80,30 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)
 			if st.Mode()&os.ModeSocket != os.ModeSocket {
 				return nil, errors.Errorf("checking HostPathSocket: path %s is not a socket", hostPath.Path)
 			}
-
+		case v1.HostPathBlockDev:
+			dev, err := os.Stat(hostPath.Path)
+			if err != nil {
+				return nil, errors.Wrap(err, "error checking HostPathBlockDevice")
+			}
+			if dev.Mode()&os.ModeCharDevice == os.ModeCharDevice {
+				return nil, errors.Errorf("checking HostPathDevice: path %s is not a block device", hostPath.Path)
+			}
+			return &KubeVolume{
+				Type:   KubeVolumeTypeBlockDevice,
+				Source: hostPath.Path,
+			}, nil
+		case v1.HostPathCharDev:
+			dev, err := os.Stat(hostPath.Path)
+			if err != nil {
+				return nil, errors.Wrap(err, "error checking HostPathCharDevice")
+			}
+			if dev.Mode()&os.ModeCharDevice != os.ModeCharDevice {
+				return nil, errors.Errorf("checking HostPathCharDevice: path %s is not a character device", hostPath.Path)
+			}
+			return &KubeVolume{
+				Type:   KubeVolumeTypeCharDevice,
+				Source: hostPath.Path,
+			}, nil
 		case v1.HostPathDirectory:
 		case v1.HostPathFile:
 		case v1.HostPathUnset:
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 081df0441..dda2de6e4 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -128,7 +128,7 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c
 		if initPath == "" {
 			return nil, errors.Errorf("no path to init binary found but container requested an init")
 		}
-		finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)
+		finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)
 	}
 
 	return finalCommand, nil
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index bec548d3b..4243630e2 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -10,9 +10,9 @@ import (
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/podman/v4/utils"
 
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/podman/v4/pkg/specgenutil"
-	"github.com/containers/podman/v4/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index ec52164ab..7268ec318 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -7,6 +7,7 @@ import (
 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/capabilities"
 	"github.com/containers/common/pkg/config"
+	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/specgen"
@@ -120,7 +121,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 		// capabilities, required to run the container.
 		var capsRequiredRequested []string
 		for key, val := range s.Labels {
-			if util.StringInSlice(key, capabilities.ContainerImageLabels) {
+			if cutil.StringInSlice(key, capabilities.ContainerImageLabels) {
 				capsRequiredRequested = strings.Split(val, ",")
 			}
 		}
@@ -132,7 +133,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 			}
 			// Verify all capRequired are in the capList
 			for _, cap := range capsRequired {
-				if !util.StringInSlice(cap, caplist) {
+				if !cutil.StringInSlice(cap, caplist) {
 					privCapsRequired = append(privCapsRequired, cap)
 				}
 			}
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index f30fc4671..0a4d03780 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -20,9 +20,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-var (
-	errDuplicateDest = errors.Errorf("duplicate mount destination")
-)
+var errDuplicateDest = errors.Errorf("duplicate mount destination")
 
 // Produce final mounts and named volumes for a container
 func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
@@ -359,7 +357,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s
 // This does *NOT* modify the container command - that must be done elsewhere.
 func addContainerInitBinary(s *specgen.SpecGenerator, path string) (spec.Mount, error) {
 	mount := spec.Mount{
-		Destination: "/dev/init",
+		Destination: define.ContainerInitPath,
 		Type:        define.TypeBind,
 		Source:      path,
 		Options:     []string{define.TypeBind, "ro"},
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 7a7ca2706..5a3b94ca4 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/cgroups"
+	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/util"
@@ -472,7 +473,7 @@ func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetwork
 			if parts[0] == "" {
 				return toReturn, nil, nil, errors.Wrapf(define.ErrInvalidArg, "network name cannot be empty")
 			}
-			if util.StringInSlice(parts[0], []string{string(Bridge), string(Slirp), string(FromPod), string(NoNetwork),
+			if cutil.StringInSlice(parts[0], []string{string(Bridge), string(Slirp), string(FromPod), string(NoNetwork),
 				string(Default), string(Private), string(Path), string(FromContainer), string(Host)}) {
 				return toReturn, nil, nil, errors.Wrapf(define.ErrInvalidArg, "can only set extra network names, selected mode %s conflicts with bridge", parts[0])
 			}