containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

specgen: honor --device-cgroup-rule with a new user namespace 

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2023-06-26 17:21:44 +02:00
parent 0220f33384
commit 227c07aebc
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/specgen/generate/oci_linux.go
View File

@ -258,7 +258,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
if isRootless && len(s.DeviceCgroupRule) > 0 { if isRootless && len(s.DeviceCgroupRule) > 0 {
return nil, fmt.Errorf("device cgroup rules are not supported in rootless mode or in a user namespace") return nil, fmt.Errorf("device cgroup rules are not supported in rootless mode or in a user namespace")
} }
if !inUserNS && !s.Privileged { if !isRootless && !s.Privileged {
for _, dev := range s.DeviceCgroupRule { for _, dev := range s.DeviceCgroupRule {
g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
} }