Merge pull request #17304 from mupuf/podman_4.4_regression

openshift-merge-robot · web-flow · commit 68bbdc283f43 · 2023-01-31T16:56:53.000-05:00
Do not mount /dev/tty into rootless containers
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
@@ -117,11 +117,12 @@ func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
 			 *              the rootless containers for security reasons, and
 			 *              the container runtime will create it for us
 			 *              anyway (ln -s /dev/pts/ptmx /dev/ptmx);
+			 *   /dev/tty and
 			 *   /dev/tty[0-9]+: Prevent the container from taking over the host's
 			 *                   virtual consoles, even when not in systemd mode
 			 *                   for backwards compatibility.
 			 */
-			if d.Path == "/dev/ptmx" || isVirtualConsoleDevice(d.Path) {
+			if d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path) {
 				continue
 			}
 			if _, found := mounts[d.Path]; found {
