opencontainers/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-02-05 18:45:28 +01:00
Code Issues Wiki Activity

cgroups: systemd: skip adding device paths that don't exist

Browse Source 
systemd emits very loud warnings when the path specified doesn't exist
(which can be the case for some of our default rules). We don't need the
ruleset we give systemd to be completely accurate (we discard some kinds
of wildcard rules anyway) so we can safely skip adding these.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
Aleksa Sarai
2022-06-02 12:07:00 +10:00
parent a51ea7c477
commit 343951a22b
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libcontainer/cgroups/devices/systemd.go
View File

@@ -129,7 +129,13 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) {
entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
}
}
deviceAllowList = append(deviceAllowList, entry)
// systemd will issue a warning if the path we give here doesn't exist.
// Since all of this logic is best-effort anyway (we manually set these
// rules separately to systemd) we can safely skip entries that don't
// have a corresponding path.
if _, err := os.Stat(entry.Path); err == nil {
deviceAllowList = append(deviceAllowList, entry)
}
}
properties = append(properties, newProp("DeviceAllow", deviceAllowList))