opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-15 03:18:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Set default rule at the head of device configuration

Browse Source 
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.

Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
This commit is contained in:
Hironori Shiina
2022-03-03 21:39:14 -05:00
parent 4a242b1327
commit d2f77c2568
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
test/e2e/run_device_test.go
View File

@@ -44,6 +44,11 @@ var _ = Describe("Podman run device", func() {
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
if !isRootless() {
session = podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", "--cap-add", "SYS_ADMIN", ALPINE, "head", "-n", "1", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
}
})
It("podman run device rename test", func() {