From 31294799c473da400914cf1b4e2e845757f5be0c Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 13 Sep 2018 17:12:23 -0400
Subject: Don't mount /dev/* if user mounted /dev

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 pkg/spec/spec.go | 10 ++++++++++
 1 file changed, 10 insertions(+)


diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index cc3501e1e..5757a36fe 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -318,8 +318,18 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 		for _, mount := range mounts {
 			destinations[path.Clean(mount.Destination)] = true
 		}
+
+		// Copy all mounts from spec to defaultMounts, except for
+		//  - mounts overridden by a user supplied mount;
+		//  - all mounts under /dev if a user supplied /dev is present;
+		mountDev := destinations["/dev"]
 		for _, mount := range configSpec.Mounts {
 			if _, ok := destinations[path.Clean(mount.Destination)]; !ok {
+				if mountDev && strings.HasPrefix(mount.Destination, "/dev/") {
+					// filter out everything under /dev if /dev is user-mounted
+					continue
+				}
+
 				logrus.Debugf("Adding mount %s", mount.Destination)
 				mounts = append(mounts, mount)
 			}
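Review bot: The added `strings.HasPrefix(mount.Destination, "/dev/")` test runs on the raw destination, while the `destinations` keys and the lookup on the line above it use `path.Clean(mount.Destination)`, so the two checks can disagree on the same mount. A spec entry written as `/dev//shm` or `//dev/pts` would be compared inconsistently, and `/dev/../proc` would be dropped even though it cleans to `/proc`. The entries in `configSpec.Mounts` are presumably already normalised, but cleaning once keeps the filter from depending on that: `dest := path.Clean(mount.Destination)` at the top of the loop body, then `if _, ok := destinations[dest]; !ok {` and `if mountDev && strings.HasPrefix(dest, "/dev/") {`. A short comment there noting that the user's `/dev` mount is expected to supply its own `/dev/pts`, `/dev/shm` and `/dev/mqueue` would also help, since those defaults are skipped silently with no debug log. The enclosing function and the rest of the loop continue outside this hunk.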
-- 
cgit v1.2.3-54-g00ecf