github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
a3ac156007
containerd/oci
History
Sebastiaan van Stijn a3ac156007
oci: WithDefaultUnixDevices(): remove tun/tap from the default devices 
A container should not have access to tun/tap device, unless it is explicitly
specified in configuration.

This device was already removed from docker's default, and runc's default;

- 2ce40b6ad7
- 9c4570a958

Per the commit message in runc, this should also fix these messages;

> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory

coming from systemd on every container start, when the systemd cgroup driver
is used, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).

[1]: d5aecba6e0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 00:31:59 +02:00
..
client.go Licence header added 2018-02-19 10:32:26 +09:00
mounts_freebsd.go Add ruleset=4 option 2021-05-25 09:17:16 +02:00
mounts.go Run go fmt with Go 1.17 2021-08-22 09:31:50 +09:00
spec_opts_linux_test.go Fix the Inheritable capability defaults. 2022-02-01 13:55:46 -08:00
spec_opts_linux.go Merge pull request #5490 from askervin/5Bu_blockio 2022-04-29 10:07:56 -05:00
spec_opts_nonlinux.go cri: support blockio class in pod and container annotations 2022-04-29 11:44:09 +03:00
spec_opts_test.go Enable gosec linter for golangci-lint 2022-03-14 22:50:54 +00:00
spec_opts_unix_test.go Run go fmt with Go 1.17 2021-08-22 09:31:50 +09:00
spec_opts_unix.go Adds support for Windows ArgsEscaped images 2022-03-01 13:40:44 -08:00
spec_opts_windows_test.go Adds support for Windows ArgsEscaped images 2022-03-01 13:40:44 -08:00
spec_opts_windows.go Add ctr support for CPUMax and CPUShares 2022-04-28 13:17:16 -07:00
spec_opts.go oci: WithDefaultUnixDevices(): remove tun/tap from the default devices 2022-05-11 00:31:59 +02:00
spec_test.go Fix the Inheritable capability defaults. 2022-02-01 13:55:46 -08:00
spec.go Fix the Inheritable capability defaults. 2022-02-01 13:55:46 -08:00
utils_unix_go116_test.go OCI: Mount (accessible) host devices in privileged rootless containers 2021-12-10 12:16:59 +01:00
utils_unix_go117_test.go OCI: Mount (accessible) host devices in privileged rootless containers 2021-12-10 12:16:59 +01:00
utils_unix_test.go OCI: Mount (accessible) host devices in privileged rootless containers 2021-12-10 12:16:59 +01:00
utils_unix.go feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00