specgen, rootless: raise error with --device-cgroup-rule

we were silently ignoring --device-cgroup-rule in rootless mode. Make sure an error is returned if the user tries to use it. Closes: https://github.com/containers/podman/issues/18698 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-06-24 11:28:24 +08:00 · 2023-06-26 17:09:55 +02:00
parent 0357881075
commit 0220f33384
2 changed files with 8 additions and 1 deletions
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@ -746,7 +746,11 @@ EOF
 }

@test "podman run --device-cgroup-rule tests" {
-    skip_if_rootless "cannot add devices in rootless mode"
+    if is_rootless; then
+        run_podman 125 run --device-cgroup-rule="b 7:* rmw" --rm $IMAGE
+        is "$output" "Error: device cgroup rules are not supported in rootless mode or in a user namespace"
+        return
+    fi

    run_podman run --device-cgroup-rule="b 7:* rmw" --rm $IMAGE
    run_podman run --device-cgroup-rule="c 7:* rmw" --rm $IMAGE