containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

spec: do not set devices cgroup when rootless 

eBPF requires to be root in the init namespace.

Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
This commit is contained in:
Giuseppe Scrivano 2019-09-01 00:30:55 +02:00 committed by Giuseppe Scrivano
parent ba1c57030f
commit b101a8d366
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/spec/config_linux.go
View File

@ -173,15 +173,16 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error {
newMounts = append(newMounts, devMnt) newMounts = append(newMounts, devMnt)
} }
g.Config.Mounts = append(newMounts, g.Config.Mounts...) g.Config.Mounts = append(newMounts, g.Config.Mounts...)
g.Config.Linux.Resources.Devices = nil
} else { } else {
for _, d := range hostDevices { for _, d := range hostDevices {
g.AddDevice(Device(d)) g.AddDevice(Device(d))
} }
}
// Add resources device - need to clear the existing one first. // Add resources device - need to clear the existing one first.
g.Config.Linux.Resources.Devices = nil g.Config.Linux.Resources.Devices = nil
g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
}
return nil return nil
} }