Skip to content

Commit

Permalink
cgroups: systemd: skip adding device paths that don't exist
Browse files Browse the repository at this point in the history
systemd emits very loud warnings when the path specified doesn't exist
(which can be the case for some of our default rules). We don't need the
ruleset we give systemd to be completely accurate (we discard some kinds
of wildcard rules anyway) so we can safely skip adding these.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
  • Loading branch information
cyphar committed Jun 7, 2022
1 parent da9b9d9 commit 7219387
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion libcontainer/cgroups/systemd/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,13 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
}
}
deviceAllowList = append(deviceAllowList, entry)
// systemd will issue a warning if the path we give here doesn't exist.
// Since all of this logic is best-effort anyway (we manually set these
// rules separately to systemd) we can safely skip entries that don't
// have a corresponding path.
if _, err := os.Stat(entry.Path); err == nil {
deviceAllowList = append(deviceAllowList, entry)
}
}

properties = append(properties, newProp("DeviceAllow", deviceAllowList))
Expand Down

0 comments on commit 7219387

Please sign in to comment.