oci: WithDefaultUnixDevices(): remove tun/tap from the default devices

A container should not have access to tun/tap device, unless it is explicitly specified in configuration. This device was already removed from docker's default, and runc's default; - 2ce40b6ad7 - 9c4570a958 Per the commit message in runc, this should also fix these messages; > Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory coming from systemd on every container start, when the systemd cgroup driver is used, and the system runs an old (< v240) version of systemd (the message was presumably eliminated by [1]). [1]: d5aecba6e0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 00:31:15 +02:00 · 2022-05-11 00:31:15 +02:00 · a3ac156007
commit a3ac156007
parent 6067aeb6fd
1 changed files with 1 additions and 8 deletions
--- a/oci/spec_opts.go
+++ b/oci/spec_opts.go
@ -1192,20 +1192,13 @@ func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container
 			Allow:  true,
 		},
 		{
+			// "dev/ptmx"
 			Type:   "c",
 			Major:  intptr(5),
 			Minor:  intptr(2),
 			Access: rwm,
 			Allow:  true,
 		},
-		{
-			// tuntap
-			Type:   "c",
-			Major:  intptr(10),
-			Minor:  intptr(200),
-			Access: rwm,
-			Allow:  true,
-		},
 	}...)
 	return nil
 }