support device-cgroup-rule

fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>
2025-11-03 07:47:19 +08:00 · 2020-02-06 17:24:29 -05:00
parent 4bdfeed5bf
commit d3260738d3
11 changed files with 92 additions and 0 deletions
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -999,4 +999,16 @@ USER mail`
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Not(Equal(0)))
 	})
+
+	It("podman run --device-cgroup-rule", func() {
+		SkipIfRemote()
+		SkipIfRootless()
+		deviceCgroupRule := "c 42:* rwm"
+		session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+	})
 })