diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go index 14b37804f3..02253b9b2a 100644 --- a/pkg/api/handlers/compat/containers_create.go +++ b/pkg/api/handlers/compat/containers_create.go @@ -163,6 +163,11 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C for _, dev := range cc.HostConfig.Devices { devices = append(devices, fmt.Sprintf("%s:%s:%s", dev.PathOnHost, dev.PathInContainer, dev.CgroupPermissions)) } + for _, r := range cc.HostConfig.Resources.DeviceRequests { + if r.Driver == "cdi" { + devices = append(devices, r.DeviceIDs...) + } + } // iterate blkreaddevicebps readBps := make([]string, 0, len(cc.HostConfig.BlkioDeviceReadBps)) diff --git a/test/compose/cdi_device/README.md b/test/compose/cdi_device/README.md new file mode 100644 index 0000000000..961af83fc7 --- /dev/null +++ b/test/compose/cdi_device/README.md @@ -0,0 +1,9 @@ +cdi devices +=========== + +This test copies a CDI device file on a tmpfs mounted on /etc/cdi, then checks that the CDI device in the compose file is present in a container. The test is skipped when running as rootless. + +Validation +------------ + +* The CDI device is present in the container. diff --git a/test/compose/cdi_device/device.json b/test/compose/cdi_device/device.json new file mode 100644 index 0000000000..d489906914 --- /dev/null +++ b/test/compose/cdi_device/device.json @@ -0,0 +1,14 @@ +{ + "cdiVersion": "0.3.0", + "kind": "vendor.com/device", + "devices": [ + { + "name": "myKmsg", + "containerEdits": { + "mounts": [ + {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]} + ] + } + } + ] +} diff --git a/test/compose/cdi_device/docker-compose.yml b/test/compose/cdi_device/docker-compose.yml new file mode 100644 index 0000000000..dfbeb2e906 --- /dev/null +++ b/test/compose/cdi_device/docker-compose.yml @@ -0,0 +1,15 @@ +services: + test: + image: alpine + command: ["top"] + volumes: + - /dev:/dev-host + security_opt: + - label=disable + deploy: + resources: + reservations: + devices: + - driver: cdi + device_ids: ['vendor.com/device=myKmsg'] + capabilities: [] diff --git a/test/compose/cdi_device/setup.sh b/test/compose/cdi_device/setup.sh new file mode 100644 index 0000000000..224caa5443 --- /dev/null +++ b/test/compose/cdi_device/setup.sh @@ -0,0 +1,9 @@ +if is_rootless; then + reason=" - can't write to /etc/cdi" + _show_ok skip "$testname # skip$reason" + exit 0 +fi + +mkdir -p /etc/cdi +mount -t tmpfs tmpfs /etc/cdi +cp device.json /etc/cdi diff --git a/test/compose/cdi_device/teardown.sh b/test/compose/cdi_device/teardown.sh new file mode 100644 index 0000000000..770afd1269 --- /dev/null +++ b/test/compose/cdi_device/teardown.sh @@ -0,0 +1,3 @@ +if ! is_rootless; then + umount -l /etc/cdi +fi diff --git a/test/compose/cdi_device/tests.sh b/test/compose/cdi_device/tests.sh new file mode 100644 index 0000000000..230ad1d10e --- /dev/null +++ b/test/compose/cdi_device/tests.sh @@ -0,0 +1,11 @@ +# -*- bash -*- + +ctr_name="cdi_device-test-1" + +podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev-host/kmsg' + +expected=$output + +podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev/kmsg1' + +is "$output" "$expected" "$testname : device /dev/kmsg1 has the same rdev as /dev/kmsg on the host"