Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support --device-cgroup-rule #4876

Closed
agners opened this issue Jan 15, 2020 · 6 comments · Fixed by #5152
Closed

Support --device-cgroup-rule #4876

agners opened this issue Jan 15, 2020 · 6 comments · Fixed by #5152
Assignees
@QiWang19
Labels
Good First Issue This issue would be a good issue for a first time contributor to undertake. kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@agners
Copy link
Contributor

agners commented Jan 15, 2020

/kind feature

Description

Support the --device-cgroup-rule flag to add rules to cgroup what devices are allowed. This is useful when devices appear after the container has been started.
@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Jan 15, 2020
@rhatdan
Copy link
Member

rhatdan commented Jan 15, 2020 

       --device-cgroup-rule="type major:minor mode"
          Add a rule to the cgroup allowed devices list. The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt):
            - type: a (all), c (char), or b (block);
            - major and minor: either a number, or * for all;
            - mode: a composition of r (read), w (write), and m (mknod(2)).

@rhatdan
Copy link
Member

rhatdan commented Jan 15, 2020

@giuseppe WDYT?

@giuseppe
Copy link
Member

I think this is a good idea.

@agners would you like to open a PR for adding this feature? I can guide you through it if you hit any blocker

@agners
Copy link
Contributor Author

agners commented Jan 17, 2020

@giuseppe sounds tempting... But then, I do have no go experience, and I fear that this is a rabbit hole which takes more time than want I want to spend right now :-)

@rhatdan rhatdan added the Good First Issue This issue would be a good issue for a first time contributor to undertake. label Jan 19, 2020
@rhatdan
Copy link
Member

rhatdan commented Jan 19, 2020

Thanks @agners anyways, we will hopefully get somone working on this.

@rhatdan
Copy link
Member

rhatdan commented Jan 19, 2020

@QiWang19 PTAL

@QiWang19 QiWang19 mentioned this issue Feb 10, 2020
Merged
QiWang19 added a commit to QiWang19/podman that referenced this issue Feb 12, 2020
@QiWang19
support device-cgroup-rule
d326073 
fix containers#4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.

Signed-off-by: Qi Wang <[email protected]>
snj33v pushed a commit to snj33v/libpod that referenced this issue May 31, 2020
@QiWang19 @snj33v
support device-cgroup-rule
b6dc745 
fix containers#4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.

Signed-off-by: Qi Wang <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@QiWang19 QiWang19

Labels
Good First Issue This issue would be a good issue for a first time contributor to undertake. kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

support device-cgroup-rule QiWang19/podman
5 participants
@agners @giuseppe @rhatdan @QiWang19 @openshift-ci-robot