opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-25 07:44:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Do not mount /dev/tty into rootless containers

Browse Source 
[NO NEW TESTS NEEDED]

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2165875
Signed-off-by: Martin Roukala (né Peres) <martin.roukala@mupuf.org>
This commit is contained in:
Martin Roukala (né Peres)
2023-01-31 20:54:26 +02:00
parent 8a342404e6
commit d10860a323
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/util/utils_linux.go
View File

@ -117,11 +117,12 @@ func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
* the rootless containers for security reasons, and * the rootless containers for security reasons, and
* the container runtime will create it for us * the container runtime will create it for us
* anyway (ln -s /dev/pts/ptmx /dev/ptmx); * anyway (ln -s /dev/pts/ptmx /dev/ptmx);
* /dev/tty and
* /dev/tty[0-9]+: Prevent the container from taking over the host's * /dev/tty[0-9]+: Prevent the container from taking over the host's
* virtual consoles, even when not in systemd mode * virtual consoles, even when not in systemd mode
* for backwards compatibility. * for backwards compatibility.
*/ */
if d.Path == "/dev/ptmx" || isVirtualConsoleDevice(d.Path) { if d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path) {
continue continue
} }
if _, found := mounts[d.Path]; found { if _, found := mounts[d.Path]; found {