Merge pull request #15895 from dcermak/don-expose-dev-for-privileged

Don't mount /dev/ inside privileged containers running systemd
2025-12-08 06:39:05 +08:00 · 2022-09-22 19:03:15 +02:00
parent 8bf3535447 5a2405ae1b
commit 08993516a9
4 changed files with 28 additions and 3 deletions
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -901,4 +901,22 @@ $IMAGE--c_ok" \
    run_podman rm $ctr_name
 }

+@test "podman run --privileged as root with systemd will not mount /dev/tty" {
+    skip_if_rootless "this test only makes sense as root"
+
+    ctr_name="container-$(random_string 5)"
+    run_podman run --rm -d --privileged --systemd=always --name "$ctr_name" "$IMAGE" /home/podman/pause
+
+    TTYs=$(ls /dev/tty*|sed '/^\/dev\/tty$/d')
+
+    if [[ $TTYs = "" ]]; then
+        die "Did not find any /dev/ttyN devices on local host"
+    else
+        run_podman exec "$ctr_name" ls /dev/
+        assert "$(grep tty <<<$output)" = "tty" "There must be no /dev/ttyN devices in the container"
+    fi
+
+    run_podman stop "$ctr_name"
+}
+
 # vim: filetype=sh