From d3260738d330b6141fec5f11f1a3a91f40365018 Mon Sep 17 00:00:00 2001
From: Qi Wang <qiwan@redhat.com>
Date: Thu, 6 Feb 2020 17:24:29 -0500
Subject: support device-cgroup-rule

fix #4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.

Signed-off-by: Qi Wang <qiwan@redhat.com>
---
 cmd/podman/common.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'cmd/podman/common.go')

diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index 7610edbc0..6fa2b3c71 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -256,6 +256,10 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"device", []string{},
 		"Add a host device to the container (default [])",
 	)
+	createFlags.StringSlice(
+		"device-cgroup-rule", []string{},
+		"Add a rule to the cgroup allowed devices list",
+	)
 	createFlags.StringSlice(
 		"device-read-bps", []string{},
 		"Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)",
-- 
cgit v1.2.3-54-g00ecf