opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-24 03:08:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20501 from mheon/powercap

Browse Source 
Mask /sys/devices/virtual/powercap
This commit is contained in:
openshift-ci[bot]
2023-10-27 08:04:52 +00:00
committed by GitHub
parent c3fae01368 be7dd128ef
commit 7d5af58bd7
4 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libpod/container_internal_common.go
View File

@ -680,6 +680,8 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
} }
} }
c.addMaskedPaths(&g)
return g.Config, cleanupFunc, nil return g.Config, cleanupFunc, nil
} }

4
libpod/container_internal_freebsd.go
View File

@ -385,3 +385,7 @@ func (c *Container) getPlatformRunPath() (string, error) {
} }
return runPath, nil return runPath, nil
} }
func (c *Container) addMaskedPaths(g *generate.Generator) {
// There are currently no FreeBSD-specific masked paths
}

6
libpod/container_internal_linux.go
View File

@ -805,3 +805,9 @@ func (c *Container) makePlatformMtabLink(etcInTheContainerFd, rootUID, rootGID i
func (c *Container) getPlatformRunPath() (string, error) { func (c *Container) getPlatformRunPath() (string, error) {
return "/run", nil return "/run", nil
} }
func (c *Container) addMaskedPaths(g *generate.Generator) {
if !c.config.Privileged {
g.AddLinuxMaskedPaths("/sys/devices/virtual/powercap")
}
}

23
test/e2e/run_test.go
View File

@ -414,6 +414,29 @@ var _ = Describe("Podman run", func() {
Expect(session.OutputToString()).To(Not(BeEmpty())) Expect(session.OutputToString()).To(Not(BeEmpty()))
}) })
It("podman run powercap is masked", func() {
Skip("CI VMs do not have access to powercap")
testCtr1 := "testctr"
run := podmanTest.Podman([]string{"run", "-d", "--name", testCtr1, ALPINE, "top"})
run.WaitWithDefaultTimeout()
Expect(run).Should(ExitCleanly())
exec := podmanTest.Podman([]string{"exec", "-ti", testCtr1, "ls", "/sys/devices/virtual/powercap"})
exec.WaitWithDefaultTimeout()
Expect(exec).To(ExitWithError())
testCtr2 := "testctr2"
run2 := podmanTest.Podman([]string{"run", "-d", "--privileged", "--name", testCtr2, ALPINE, "top"})
run2.WaitWithDefaultTimeout()
Expect(run2).Should(ExitCleanly())
exec2 := podmanTest.Podman([]string{"exec", "-ti", testCtr2, "ls", "/sys/devices/virtual/powercap"})
exec2.WaitWithDefaultTimeout()
Expect(exec2).Should(ExitCleanly())
Expect(exec2.OutputToString()).Should(Not(BeEmpty()))
})
It("podman run security-opt unmask on /sys/fs/cgroup", func() { It("podman run security-opt unmask on /sys/fs/cgroup", func() {
SkipIfCgroupV1("podman umask on /sys/fs/cgroup will fail with cgroups V1") SkipIfCgroupV1("podman umask on /sys/fs/cgroup will fail with cgroups V1")