A container should not have access to tun/tap device, unless it is explicitly
specified in configuration.
This device was already removed from docker's default, and runc's default;
- 2ce40b6ad7
- 9c4570a958
Per the commit message in runc, this should also fix these messages;
> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory
coming from systemd on every container start, when the systemd cgroup driver
is used, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).
[1]: d5aecba6e0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
a3ac156007