Skip to content

Commit

Permalink
spec: do not set devices cgroup when rootless
Browse files Browse the repository at this point in the history 
eBPF requires to be root in the init namespace.

Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
  • Loading branch information
@giuseppe
giuseppe committed Sep 2, 2019
1 parent ba1c570 commit b101a8d
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions pkg/spec/config_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,15 +173,16 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error {
newMounts = append(newMounts, devMnt)
}
g.Config.Mounts = append(newMounts, g.Config.Mounts...)
g.Config.Linux.Resources.Devices = nil
} else {
for _, d := range hostDevices {
g.AddDevice(Device(d))
}
// Add resources device - need to clear the existing one first.
g.Config.Linux.Resources.Devices = nil
g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
}

// Add resources device - need to clear the existing one first.
g.Config.Linux.Resources.Devices = nil
g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm")
return nil
}

Expand Down

0 comments on commit b101a8d

Please sign in to comment.