From 3e79296a81ad723c6c3e8ea7d9ca142dfa8fbdf3 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 9 Jul 2021 16:01:35 -0400
Subject: Support DeviceCgroupRules to actually get added.
Fixes: https://github.com/containers/podman/issues/10302
Signed-off-by: Daniel J Walsh
---
 pkg/specgen/generate/oci.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'pkg/specgen/generate/oci.go')
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index bf8d44ed6..6e310d8a6 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -321,6 +321,10 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 }
 }
+ for _, dev := range s.DeviceCGroupRule {
+ g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+ }
+
 BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g)
 for name, val := range s.Env {
-- 
cgit v1.2.3-54-g00ecf
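Review bot: The new loop over `s.DeviceCGroupRule` hands `dev.Type`, `dev.Major`, `dev.Minor` and `dev.Access` straight to `g.AddLinuxResourcesDevice` with the allow flag hard-coded to `true`, and nothing in the hunk shows those fields being validated first. Every entry therefore widens the container's device allowlist, and a rule whose major/minor are wildcards (presumably nil pointers at this point) would cover every device of that type. It is worth confirming that the layer that fills the spec rejects unknown types and access strings, and that the rules are refused where the device cgroup cannot be enforced, such as rootless runs; neither is visible on this page. At minimum I would document the intent above the loop: `// DeviceCGroupRule entries are allow rules supplied by the caller; each one widens the container's device access, so they must be validated before this point.` SpecGenToOCI starts and ends outside the hunk, so how these rules order against the earlier device handling cannot be checked here.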