Merge pull request #1455 from 6WIND/master

fix incomplete host device for PrivilegedWithoutHostDevices
2020-04-26 22:28:20 -05:00
parent 197dca5a35 98f8ec4995
commit 4ea4ca99c7
1 changed files with 3 additions and 0 deletions
--- a/pkg/server/container_create_unix.go
+++ b/pkg/server/container_create_unix.go
@@ -175,6 +175,9 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
 		specOpts = append(specOpts, oci.WithPrivileged)
 		if !ociRuntime.PrivilegedWithoutHostDevices {
 			specOpts = append(specOpts, oci.WithHostDevices, oci.WithAllDevicesAllowed)
+		} else {
+			// add requested devices by the config as host devices are not automatically added
+			specOpts = append(specOpts, customopts.WithDevices(c.os, config), customopts.WithCapabilities(securityContext))
 		}
 	} else { // not privileged
 		specOpts = append(specOpts, customopts.WithDevices(c.os, config), customopts.WithCapabilities(securityContext))