From 4243ca93a42c3ed977662c570302be8a7dc5c5ca Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Dec 2021 09:41:53 +0100 Subject: oci: configure the devices cgroup with default devices always set the default devices to the devices cgroup when not running in a user namespace. Signed-off-by: Giuseppe Scrivano --- test/e2e/run_device_test.go | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test') diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 08905aed2..fbf1eb791 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -119,4 +119,11 @@ var _ = Describe("Podman run device", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("podman run cannot access non default devices", func() { + session := podmanTest.Podman([]string{"run", "-v /dev:/dev-host", ALPINE, "head", "-1", "/dev-host/kmsg"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + }) + }) -- cgit v1.2.3-54-g00ecf