From 0c2d3b718d473157c0e97ebc4e8b217332c1358a Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Mon, 9 Dec 2019 17:42:14 -0800
Subject: [PATCH] Fix privileged devices.

Signed-off-by: Lantao Liu <lantaol@google.com>
---
 pkg/server/container_create_unix.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/server/container_create_unix.go b/pkg/server/container_create_unix.go
index 6f3b8963f..2793c21f2 100644
--- a/pkg/server/container_create_unix.go
+++ b/pkg/server/container_create_unix.go
@@ -170,7 +170,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
 		}
 		specOpts = append(specOpts, oci.WithPrivileged)
 		if !ociRuntime.PrivilegedWithoutHostDevices {
-			specOpts = append(specOpts, oci.WithHostDevices)
+			specOpts = append(specOpts, oci.WithHostDevices, oci.WithAllDevicesAllowed)
 		}
 	} else { // not privileged
 		specOpts = append(specOpts, customopts.WithDevices(c.os, config), customopts.WithCapabilities(securityContext))