// +build linux freebsd
package configs
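// Default device lists for containers.
//
// All three lists are exported, mutable package-level slices of *Device.
// DefaultAllowedDevices and DefaultAutoCreatedDevices are built with
// append(..., DefaultSimpleDevices...), which copies the pointers, not the
// Device values: the same *Device is reachable through all three lists, so a
// write through any one of them is visible in the others. Treat the entries as
// read-only and copy a Device before adjusting it for a single container.
//
// Permissions uses the device-cgroup letters: r (read), w (write), m (mknod).
var (
	// DefaultSimpleDevices are devices that are to be both allowed and created.
	// Every entry grants "rwm" and sets FileMode 0666.
	DefaultSimpleDevices = []*Device{
		// /dev/null and zero
		{
			Path:        "/dev/null",
			Type:        'c',
			Major:       1,
			Minor:       3,
			Permissions: "rwm",
			FileMode:    0666,
		},
		{
			Path:        "/dev/zero",
			Type:        'c',
			Major:       1,
			Minor:       5,
			Permissions: "rwm",
			FileMode:    0666,
		},

		{
			Path:        "/dev/full",
			Type:        'c',
			Major:       1,
			Minor:       7,
			Permissions: "rwm",
			FileMode:    0666,
		},

		// consoles and ttys
		{
			Path:        "/dev/tty",
			Type:        'c',
			Major:       5,
			Minor:       0,
			Permissions: "rwm",
			FileMode:    0666,
		},

		// /dev/urandom,/dev/random
		{
			Path:        "/dev/urandom",
			Type:        'c',
			Major:       1,
			Minor:       9,
			Permissions: "rwm",
			FileMode:    0666,
		},
		{
			Path:        "/dev/random",
			Type:        'c',
			Major:       1,
			Minor:       8,
			Permissions: "rwm",
			FileMode:    0666,
		},
	}

	// DefaultAllowedDevices is the allow list: the rules below followed by
	// every entry of DefaultSimpleDevices. Entries with an empty Path name no
	// device node; they carry only a type/major/minor match and a permission
	// string.
	DefaultAllowedDevices = append([]*Device{
		// allow mknod for any device
		//
		// Both wildcard rules carry "m" only. They match every character and
		// block device number but grant neither r nor w, so on their own they
		// permit creating a node, not opening it; access still needs a rule
		// that grants r/w for that major:minor.
		// NOTE(review): mknod additionally depends on the capabilities the
		// container keeps, which this file does not control.
		{
			Type:        'c',
			Major:       Wildcard,
			Minor:       Wildcard,
			Permissions: "m",
		},
		{
			Type:        'b',
			Major:       Wildcard,
			Minor:       Wildcard,
			Permissions: "m",
		},

		{
			Path:        "/dev/console",
			Type:        'c',
			Major:       5,
			Minor:       1,
			Permissions: "rwm",
		},
		// /dev/pts/ - pts namespaces are "coming soon"
		// Major 136 with a wildcard minor: every pseudo-terminal slave.
		{
			Path:        "",
			Type:        'c',
			Major:       136,
			Minor:       Wildcard,
			Permissions: "rwm",
		},
		// 5:2 is /dev/ptmx in the Linux device numbering.
		{
			Path:        "",
			Type:        'c',
			Major:       5,
			Minor:       2,
			Permissions: "rwm",
		},

		// tuntap
		// 10:200 is /dev/net/tun in the Linux device numbering. Full "rwm" is
		// granted by default.
		// NOTE(review): configuring an interface through it presumably still
		// needs network privileges inside the container; confirm against the
		// capability defaults.
		{
			Path:        "",
			Type:        'c',
			Major:       10,
			Minor:       200,
			Permissions: "rwm",
		},
	}, DefaultSimpleDevices...)

	// DefaultAutoCreatedDevices are the device nodes to create: /dev/fuse
	// followed by every entry of DefaultSimpleDevices.
	DefaultAutoCreatedDevices = append([]*Device{
		{
			// /dev/fuse is created but not allowed.
			// This is to allow java to work. Because java
			// Insists on there being a /dev/fuse
			// https://github.com/docker/docker/issues/514
			// https://github.com/docker/docker/issues/2393
			//
			// "Not allowed" holds because 10:229 has no r/w rule in
			// DefaultAllowedDevices; the "rwm" below is not what denies or
			// grants access. NOTE(review): this relies on the device cgroup
			// being populated from the allow list only; confirm at the call
			// site. FileMode is not set here, unlike the simple devices, so it
			// stays at its zero value.
			Path:        "/dev/fuse",
			Type:        'c',
			Major:       10,
			Minor:       229,
			Permissions: "rwm",
		},
	}, DefaultSimpleDevices...)
)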