rune: Add the sgx devices according to the actual situation

If the enclave devices doesn't exist, don't add them into the default device list and cgroup whitelist. Signed-off-by: N Yilin Li <YiLin.Li@linux.alibaba.com>

rune: Add the sgx devices according to the actual situation
If the enclave devices doesn't exist, don't add them into the default device list and cgroup whitelist. Signed-off-by: N Yilin Li <YiLin.Li@linux.alibaba.com>
addc406d · hustliyilin · GitHub · 0e7a77ee · addc406d
隐藏空白更改
内联并排

Showing with 16 addition and 1 deletion

rune/libcontainer/specconv/spec_linux.go rune/libcontainer/specconv/spec_linux.go +16 -1

未找到文件。
--- a/rune/libcontainer/specconv/spec_linux.go
+++ b/rune/libcontainer/specconv/spec_linux.go
@@ -17,6 +17,7 @@ import (
 	dbus "github.com/godbus/dbus/v5"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -339,6 +340,18 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) {
 	}
 }

+// Determine whether the file is a character device
+func IsChrDev(device *configs.Device) (bool) {
+	dev, err := devices.DeviceFromPath(device.Path, "rw")
+	if err == nil {
+		if dev.Type == 'c' && dev.Major == 10 {
+			return true
+		}
+	}
+
+	return false
+}
+
 func createEnclaveDevices(devices []*configs.Device, etype string, fn func(dev configs.Device)) {
 	var configuredDevs []string

@@ -355,7 +368,9 @@ func createEnclaveDevices(devices []*configs.Device, etype string, fn func(dev c

 	// Create default enclave devices
 	for _, d := range exclusiveDevs {
-		fn(*d)
+		if IsChrDev(d) {
+			fn(*d)
+		}
 	}
 }