github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #5686 from dtnyn/issue-5679

Browse Source 
Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices
This commit is contained in:
Kazuyoshi Kato
2022-04-25 11:44:01 -07:00
committed by GitHub
parent 2ca54ee8ae afe39bebfe
commit f140400c0e
5 changed files with 65 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/cri/server/container_create_linux.go
View File

@@ -227,6 +227,9 @@ func (c *criService) containerSpec(
specOpts = append(specOpts, oci.WithPrivileged)
if !ociRuntime.PrivilegedWithoutHostDevices {
specOpts = append(specOpts, oci.WithHostDevices, oci.WithAllDevicesAllowed)
} else if ociRuntime.PrivilegedWithoutHostDevicesAllDevicesAllowed {
// allow rwm on all devices for the container
specOpts = append(specOpts, oci.WithAllDevicesAllowed)
}
}