|
@@ -275,6 +275,22 @@ func validateHostConfig(hostConfig *containertypes.HostConfig, platform string)
|
|
|
if hostConfig == nil {
|
|
|
return nil
|
|
|
}
|
|
|
+
|
|
|
+ if hostConfig.Privileged {
|
|
|
+ for _, deviceMapping := range hostConfig.Devices {
|
|
|
+ if deviceMapping.PathOnHost == deviceMapping.PathInContainer {
|
|
|
+ continue
|
|
|
+ }
|
|
|
+ if _, err := os.Stat(deviceMapping.PathInContainer); err != nil {
|
|
|
+ if os.IsNotExist(err) {
|
|
|
+ continue
|
|
|
+ }
|
|
|
+ return errors.Wrap(err, "error stating device path in container")
|
|
|
+ }
|
|
|
+ return errors.Errorf("container device path: %s must be different from any host device path for privileged mode containers", deviceMapping.PathInContainer)
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
|
|
|
return errors.Errorf("can't create 'AutoRemove' container with restart policy")
|
|
|
}
|
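Review bot: The new privileged-mode check compares `deviceMapping.PathOnHost == deviceMapping.PathInContainer` as raw strings and then calls `os.Stat` on the client-supplied `PathInContainer` without normalising it, so two spellings of the same path take different branches, and any path that exists on the host (not only a device node) is rejected with a message that speaks of host device paths. Cleaning both values before comparing, e.g. `inContainer := filepath.Clean(deviceMapping.PathInContainer)`, and testing `fi.Mode()&os.ModeDevice != 0` on the Stat result would make the rule match its error text; `path/filepath` would need importing if the file does not already have it. The Stat runs once against the daemon's filesystem at validation time, so a device node that appears on the host later is presumably not covered. A comment above the block should state that limit and why equal paths are allowed, e.g. `// Privileged containers are given the host's devices; reject a mapping whose container path would shadow a different host device.` validateHostConfig starts and ends outside this hunk, and the `platform` argument is not consulted by the new block, which is worth confirming for non-Linux containers.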