From d3260738d330b6141fec5f11f1a3a91f40365018 Mon Sep 17 00:00:00 2001
From: Qi Wang <qiwan@redhat.com>
Date: Thu, 6 Feb 2020 17:24:29 -0500
Subject: support device-cgroup-rule

fix #4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.

Signed-off-by: Qi Wang <qiwan@redhat.com>
---
 pkg/spec/spec.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pkg/spec/spec.go')

diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index cae055bb0..b2a152a2d 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -232,6 +232,12 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 				return nil, err
 			}
 		}
+		if len(config.Resources.DeviceCgroupRules) != 0 {
+			if err := deviceCgroupRules(&g, config.Resources.DeviceCgroupRules); err != nil {
+				return nil, err
+			}
+			addedResources = true
+		}
 	}
 
 	// SECURITY OPTS
-- 
cgit v1.2.3-54-g00ecf