Skip to content

Commit 7219387

Browse files
cypharcyphar
committed
cgroups: systemd: skip adding device paths that don't exist
systemd emits very loud warnings when the path specified doesn't exist (which can be the case for some of our default rules). We don't need the ruleset we give systemd to be completely accurate (we discard some kinds of wildcard rules anyway) so we can safely skip adding these. Signed-off-by: Aleksa Sarai <[email protected]>
1 parent da9b9d9 commit 7219387

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

libcontainer/cgroups/systemd/common.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -289,7 +289,13 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err
289289
entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor)
290290
}
291291
}
292-
deviceAllowList = append(deviceAllowList, entry)
292+
// systemd will issue a warning if the path we give here doesn't exist.
293+
// Since all of this logic is best-effort anyway (we manually set these
294+
// rules separately to systemd) we can safely skip entries that don't
295+
// have a corresponding path.
296+
if _, err := os.Stat(entry.Path); err == nil {
297+
deviceAllowList = append(deviceAllowList, entry)
298+
}
293299
}
294300

295301
properties = append(properties, newProp("DeviceAllow", deviceAllowList))

0 commit comments

Comments
 (0)