From ed0261176b2bd9ccd9a6cbf77727429429b8fedc Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 1 Jun 2018 13:11:54 +0200
Subject: spec: change mount options for /dev/pts in rootless mode

The default /dev/pts has the option gid=5 that might not be mapped in the rootless case.

Signed-off-by: Giuseppe Scrivano
Closes: #871
Approved by: mheon
---
 pkg/spec/spec.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'pkg/spec')
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 75ab03e53..eb0746b2c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -1,6 +1,7 @@
 package createconfig
 import (
+ "os"
 "strings"
 "github.com/docker/docker/daemon/caps"
@@ -44,6 +45,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 g.AddMount(sysMnt)
 }
+ if os.Getuid() != 0 {
+ g.RemoveMount("/dev/pts")
+ devPts := spec.Mount{
+ Destination: "/dev/pts",
+ Type: "devpts",
+ Source: "devpts",
+ Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
+ }
+ g.AddMount(devPts)
+ }
 if addCgroup {
 cgroupMnt := spec.Mount{
-- 
cgit v1.2.3-54-g00ecf
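Review bot: The `os.Getuid() != 0` test in the second hunk decides rootless mode from the caller's real uid alone, so a process that is uid 0 inside a user namespace where gid 5 is unmapped would, as far as this hunk shows, keep the default `/dev/pts` mount with `gid=5` and hit the same mount failure. If the project has or gains a dedicated rootless check, using it here would be safer than the raw uid comparison. The block also deserves a comment saying why its options differ from the default, for example `// rootless: gid=5 (tty) may be unmapped in the user namespace, so mount devpts without it`. The same comment should say that `nosuid`, `noexec` and `newinstance` are kept on purpose, so a later edit of the option list does not drop them. CreateConfigToOCISpec starts and ends outside the hunk, so any later changes it makes to the mount list are not visible here.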