From 7219387eb7db69b4dae740c9d37d973d9a735801 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 8 Jun 2022 09:45:49 +1000
Subject: [PATCH] cgroups: systemd: skip adding device paths that don't exist

systemd emits very loud warnings when the path specified doesn't exist (which can be the case for some of our default rules). We don't need the ruleset we give systemd to be completely accurate (we discard some kinds of wildcard rules anyway) so we can safely skip adding these.

Signed-off-by: Aleksa Sarai
---
 libcontainer/cgroups/systemd/common.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go
index 98ccc51655c..5a68a3cf394 100644
--- a/libcontainer/cgroups/systemd/common.go
+++ b/libcontainer/cgroups/systemd/common.go
@@ -289,7 +289,13 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
 entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
 }
 }
- deviceAllowList = append(deviceAllowList, entry)
+ // systemd will issue a warning if the path we give here doesn't exist.
+ // Since all of this logic is best-effort anyway (we manually set these
+ // rules separately to systemd) we can safely skip entries that don't
+ // have a corresponding path.
+ if _, err := os.Stat(entry.Path); err == nil {
+ deviceAllowList = append(deviceAllowList, entry)
+ }
 }
 properties = append(properties, newProp("DeviceAllow", deviceAllowList))
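Review bot: The new `os.Stat(entry.Path)` guard sits after the two closing braces that end the branch block, so it runs for every entry in the loop, not only for the `/dev/char/%d:%d` path built in the visible context. If a branch outside this hunk sets `entry.Path` to a systemd device-group or wildcard specifier rather than a filesystem path, Stat fails and that allow entry is silently dropped, leaving systemd's DeviceAllow view narrower than the rules runc applies itself. The guard also treats every Stat failure as "path does not exist"; skipping only when `errors.Is(err, os.ErrNotExist)`, and doing so inside the branch that formats a `/dev/{block,char}` path, would keep the warning fix without touching the other entries. The body of generateDeviceProperties starts and ends outside the hunk, so the branch structure should be confirmed against the full function.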