Support systemd optional prefix '-' for devices.

Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

docs/source/markdown/podman-systemd.unit.5.md

@@ -145,7 +145,8 @@ Adds a device node from the host into the container. The format of this is
 `HOST-DEVICE[:CONTAINER-DEVICE][:PERMISSIONS]`, where `HOST-DEVICE` is the path of
 the device node on the host, `CONTAINER-DEVICE` is the path of the device node in
 the container, and `PERMISSIONS` is a list of permissions combining 'r' for read,
-'w' for write, and 'm' for mknod(2).
+'w' for write, and 'm' for mknod(2). The `-` prefix tells quadlet to add the device
+only if it exists on the host.
 
 This key can be listed multiple times.
 

pkg/systemd/quadlet/quadlet.go

@@ -1,7 +1,9 @@
 package quadlet
 
 import (
+	"errors"
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -421,6 +423,13 @@ func ConvertContainer(container *parser.UnitFile, isUser bool) (*parser.UnitFile
 	// But allow overrides with AddCapability
 	devices := container.LookupAllStrv(ContainerGroup, KeyAddDevice)
 	for _, device := range devices {
+		if device[0] == '-' {
+			device = device[1:]
+			_, err := os.Stat(strings.Split(device, ":")[0])
+			if errors.Is(err, os.ErrNotExist) {
+				continue
+			}
+		}
 		podman.addf("--device=%s", device)
 	}
 

test/e2e/quadlet/devices.container

@@ -1,7 +1,14 @@
 ## assert-podman-args --device=/dev/fuse
 ## assert-podman-args --device=/dev/loop0:r
+## assert-podman-args --device=/dev/null:/dev/test
+## !assert-podman-args --device=/dev/bogus:r
+## !assert-podman-args --device=/dev/bogus
+## !assert-podman-args --device=/dev/bogus1
 
 [Container]
 Image=localhost/imagename
 AddDevice=/dev/fuse
 AddDevice=/dev/loop0:r
+AddDevice=-/dev/null:/dev/test
+AddDevice=-/dev/bogus:r
+AddDevice=-/dev/bogus1