Do not mount /dev/tty into rootless containers

[NO NEW TESTS NEEDED] Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2165875 Signed-off-by: Martin Roukala (né Peres) <martin.roukala@mupuf.org>
2025-05-20 00:27:03 +08:00 · 2023-01-31 20:54:26 +02:00
parent 8a342404e6
commit d10860a323
1 changed files with 2 additions and 1 deletions
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@ -117,11 +117,12 @@ func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
 			 *              the rootless containers for security reasons, and
 			 *              the container runtime will create it for us
 			 *              anyway (ln -s /dev/pts/ptmx /dev/ptmx);
+			 *   /dev/tty and
 			 *   /dev/tty[0-9]+: Prevent the container from taking over the host's
 			 *                   virtual consoles, even when not in systemd mode
 			 *                   for backwards compatibility.
 			 */
-			if d.Path == "/dev/ptmx" || isVirtualConsoleDevice(d.Path) {
+			if d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path) {
 				continue
 			}
 			if _, found := mounts[d.Path]; found {