runc
Fix failed exec after systemctl daemon-reload
A regression reported for runc v1.1.3 says that after systemctl daemon-reload, runc exec fails:
exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown
Apparently, with commit 7219387eb7db69b we are no longer adding the "DeviceAllow=char-pts rwm" rule (because os.Stat("char-pts") returns ENOENT).
The bug can only be seen after "systemctl daemon-reload" because runc also applies the same rules manually (by writing to devices.allow for cgroup v1), and apparently reloading systemd leads to re-applying the rules that systemd has (thus removing the char-pts access).
The fix is to do os.Stat only for "/dev" paths.
Also, emit a warning that the path was skipped. Since the original idea was to emit fewer warnings, demote the level to debug.
Fixes: https://github.com/opencontainers/runc/issues/3551
Fixes: 7219387eb7db69b4dae740c9d37d973d9a735801
TODO:
- [ ] add a regression test
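
A simplified model of the bug and the fix described above, added here as an illustration; it is not runc's code. The function names, the injected stat function and the sample entries are assumptions made for the example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

type statFn func(string) (os.FileInfo, error) // stand-in for os.Stat

// allowRulesBuggy models the regression: every entry is stat'ed, so the device
// group "char-pts" (not a filesystem path) gets ENOENT and its rule is dropped.
func allowRulesBuggy(entries []string, stat statFn) []string {
	var rules []string
	for _, e := range entries {
		if _, err := stat(e); err != nil {
			continue
		}
		rules = append(rules, "DeviceAllow="+e+" rwm")
	}
	return rules
}

// allowRulesFixed stats only "/dev" paths; skipped ones are returned for debug logging.
func allowRulesFixed(entries []string, stat statFn) (rules, skipped []string) {
	for _, e := range entries {
		if strings.HasPrefix(e, "/dev/") {
			if _, err := stat(e); err != nil {
				skipped = append(skipped, e)
				continue
			}
		}
		rules = append(rules, "DeviceAllow="+e+" rwm")
	}
	return rules, skipped
}

// fakeStat is a constructed filesystem in which only /dev/null exists.
func fakeStat(p string) (os.FileInfo, error) {
	if p == "/dev/null" {
		return nil, nil
	}
	return nil, os.ErrNotExist
}

func main() {
	entries := []string{"/dev/null", "/dev/nonexistent", "char-pts"} // constructed
	fmt.Println(allowRulesBuggy(entries, fakeStat))
	fmt.Println(allowRulesFixed(entries, fakeStat))
}
```

A regression test along these lines would assert that the char-pts rule survives rule generation, which is the property the daemon-reload path depends on.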