Merge pull request #4622 from rhatdan/rootless

Add comment on rootless containers creating device nodes
containers · Dec 3, 2019 · 9e361fd · 9e361fd
2 parents 588156a + 8cb1af9
commit 9e361fd
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/rootless.md b/rootless.md
@@ -42,3 +42,5 @@ can easily fail
   * Pause and Unpause (Works with cgroup V2 support)
 * Issues with higher UIDs can cause builds to fail
   * If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image.
+* Making device nodes within a container fails, even when running --privileged.
+  * Kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes.  If container needs to create device nodes, it must be run as root.