a3ac156007
A container should not have access to tun/tap device, unless it is explicitly specified in configuration. This device was already removed from docker's default, and runc's default; -2ce40b6ad7-9c4570a958Per the commit message in runc, this should also fix these messages; > Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory coming from systemd on every container start, when the systemd cgroup driver is used, and the system runs an old (< v240) version of systemd (the message was presumably eliminated by [1]). [1]:d5aecba6e0Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
39 KiB
39 KiB