Create the device nodes in the container.
(rootFd *os.File, config *configs.Config)
| 955 | |
// createDevices creates the device nodes listed in config.Devices in the
// container. rootFd is handed unchanged to createDeviceNode for each entry
// (presumably an open handle on the container rootfs; confirm at the caller).
//
// /dev/ptmx is skipped because setupPtmx() sets it up. The first error
// returned by createDeviceNode stops the loop and is returned as-is.
func createDevices(rootFd *os.File, config *configs.Config) error {
	// Containers running in a user namespace are not allowed to mknod
	// devices, so in that case the node is bind-mounted from the host
	// instead. The decision is taken once and applies to every device.
	bindFromHost := userns.RunningInUserNS()
	if !bindFromHost {
		bindFromHost = config.Namespaces.Contains(configs.NEWUSER)
	}

	for _, dev := range config.Devices {
		// The comparison uses the lexically cleaned path rather than the raw
		// configured string.
		// NOTE(review): the exact normalisation is whatever
		// pathrs.LexicallyCleanPath implements; confirm it covers the
		// spellings a config may contain.
		if cleaned := pathrs.LexicallyCleanPath(dev.Path); cleaned == "/dev/ptmx" {
			continue
		}

		err := createDeviceNode(rootFd, dev, bindFromHost)
		if err != nil {
			return err
		}
	}
	return nil
}
| 974 | |
| 975 | func bindMountDeviceNode(destDir *os.File, destName string, node *devices.Device) error { |
| 976 | dstFile, err := utils.Openat(destDir, destName, unix.O_CREAT|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0o000) |