Fix failed exec after systemctl daemon-reload #3559

Merged
merged 1 commit into from
Aug 18, 2022

Commits on Aug 18, 2022

  1. Fix failed exec after systemctl daemon-reload

    A regression reported for runc v1.1.3 says that "runc exec -t" fails
    after doing "systemctl daemon-reload":
    
    > exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown
    
    Apparently, with commit 7219387 we are no longer adding
    "DeviceAllow=char-pts rwm" rule (because os.Stat("char-pts") returns
    ENOENT).
    
    The bug can only be seen after "systemctl daemon-reload" because runc
    also applies the same rules manually (by writing to devices.allow for
    cgroup v1), and apparently reloading systemd leads to re-applying the
    rules that systemd has (thus removing the char-pts access).
    
    The fix is to do os.Stat only for "/dev" paths.
    
    Also, emit a warning that the path was skipped. Since the original idea
    was to emit less warnings, demote the level to debug.
    
    Note this also fixes the issue of not adding "m" permission for block-*
    and char-* devices.
    
    A test case is added, which reliably fails before the fix
    on both cgroup v1 and v2.
    
    Fixes: opencontainers#3551
    Fixes: 7219387
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    kolyshkin committed Aug 18, 2022
    58b1374
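
The path check described in the commit message, as an added Go example that is not runc's code: it contrasts stat-ing every rule path with stat-ing only device-node paths, so a systemd group name such as `char-pts` survives. The `rule` type, `fakeStat`, both filter functions, the `"/dev/"` prefix test and the sample paths are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// rule is a simplified, hypothetical stand-in for one DeviceAllow= entry.
type rule struct{ Path, Perms string }

// fakeStat returns a stat function that knows only the listed paths (constructed data).
func fakeStat(existing ...string) func(string) error {
	return func(p string) error {
		for _, e := range existing {
			if p == e {
				return nil
			}
		}
		return os.ErrNotExist
	}
}

// filterRegressed stats every path, so "char-pts" (a group name, not a file) is dropped.
func filterRegressed(rules []rule, stat func(string) error) (kept []rule) {
	for _, r := range rules {
		if stat(r.Path) == nil {
			kept = append(kept, r)
		}
	}
	return kept
}

// filterFixed stats only "/dev/" paths; missing nodes are skipped and reported
// (the commit logs them at debug level), group names pass through untouched.
func filterFixed(rules []rule, stat func(string) error) (kept []rule, skipped []string) {
	for _, r := range rules {
		if strings.HasPrefix(r.Path, "/dev/") && stat(r.Path) != nil {
			skipped = append(skipped, r.Path)
			continue
		}
		kept = append(kept, r)
	}
	return kept, skipped
}

func main() {
	rules := []rule{{"/dev/null", "rwm"}, {"/dev/absent", "rwm"}, {"char-pts", "rwm"}}
	fmt.Println("regressed:", filterRegressed(rules, fakeStat("/dev/null")))
	fmt.Println(filterFixed(rules, fakeStat("/dev/null")))
}
```

When reviewing similar code, the point to check is that an existence test is applied only to values that are actually filesystem paths; here, dropping the group rule silently removed PTY access once systemd re-applied its own rule set.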