Commit 2f33458
committed
tests/int: demo default device access rule removal
Since commit 0709202 ("Remove runc default devices that overlap with
spec devices.") runc removes the default cgroup device access rule from
the default set in case a device with the same path is also listed in
container spec.
Judging by the commit description, this was not the intention, and yet
this is what we have.
As the behavior is now part of runc (since v1.0-rc93), it makes sense
to at least test it, to ensure it won't be broken in the future.
In addition, the test case serves as a demo how to limit the container
device access to a subset of default AllowedDevices.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>1 parent a756459 commit 2f33458
1 file changed
Lines changed: 28 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
13 | 41 | | |
14 | 42 | | |
15 | 43 | | |
| |||
0 commit comments