From 91183a40b4bb8e464bfaba97569dd490a468ebb3 Mon Sep 17 00:00:00 2001
From: Doug Rabson <dfr@rabson.org>
Date: Mon, 17 Nov 2025 10:55:00 +0000
Subject: [PATCH] pkg/specgen/generate: Fix adding host devices on FreeBSD

This was not working when emulating Linux container images on FreeBSD.
The code to handle host devices on FreeBSD relies on the container
having a devfs mount. Unfortunately, the Linux emulation code which adds
this was happening after the host device handling. This changes the
logic so that host device management happens after Linux emulation.

Signed-off-by: Doug Rabson <dfr@rabson.org>
---
 pkg/specgen/generate/oci_freebsd.go | 44 ++++++++++++++---------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/pkg/specgen/generate/oci_freebsd.go b/pkg/specgen/generate/oci_freebsd.go
index 553e7c34d22..9b4fa8c42eb 100644
--- a/pkg/specgen/generate/oci_freebsd.go
+++ b/pkg/specgen/generate/oci_freebsd.go
@@ -50,28 +50,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		g.AddAnnotation(key, val)
 	}
 
-	// Devices
-	var userDevices []spec.LinuxDevice
-	if !s.IsPrivileged() {
-		// add default devices from containers.conf
-		for _, device := range rtc.Containers.Devices.Get() {
-			if err = DevicesFromPath(&g, device, rtc); err != nil {
-				return nil, err
-			}
-		}
-		if len(compatibleOptions.HostDeviceList) > 0 && len(s.Devices) == 0 {
-			userDevices = compatibleOptions.HostDeviceList
-		} else {
-			userDevices = s.Devices
-		}
-		// add default devices specified by caller
-		for _, device := range userDevices {
-			if err = DevicesFromPath(&g, device.Path, rtc); err != nil {
-				return nil, err
-			}
-		}
-	}
-
 	g.ClearProcessEnv()
 	for name, val := range s.Env {
 		g.AddProcessEnv(name, val)
@@ -134,6 +112,28 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		configSpec.Mounts = mounts
 	}
 
+	// Devices
+	var userDevices []spec.LinuxDevice
+	if !s.IsPrivileged() {
+		// add default devices from containers.conf
+		for _, device := range rtc.Containers.Devices.Get() {
+			if err = DevicesFromPath(&g, device, rtc); err != nil {
+				return nil, err
+			}
+		}
+		if len(compatibleOptions.HostDeviceList) > 0 && len(s.Devices) == 0 {
+			userDevices = compatibleOptions.HostDeviceList
+		} else {
+			userDevices = s.Devices
+		}
+		// add default devices specified by caller
+		for _, device := range userDevices {
+			if err = DevicesFromPath(&g, device.Path, rtc); err != nil {
+				return nil, err
+			}
+		}
+	}
+
 	// BIND MOUNTS
 	configSpec.Mounts = SupersedeUserMounts(mounts, configSpec.Mounts)
 	// Process mounts to ensure correct options