controllers: Prevent host devices from being passed to privileged con…

…tainers

`privileged_without_host_devices` is an option from CRI-O configuration
files that controls whether the runtime handler will prevent host
devices from being passed to privileged containers.  Its default value
is `false` and we're switching it to `true` in order to avoid exposing
the host's `/dev`.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

controllers/openshift_controller.go

@@ -345,6 +345,7 @@ func generateDropinConfig(handlerName string) (string, error) {
   runtime_path = "/usr/bin/containerd-shim-kata-v2"
   runtime_type = "vm"
   runtime_root = "/run/vc"
+  privileged_without_host_devices = true
   
 [crio.runtime.runtimes.runc]
   runtime_path = ""