Do not mount /dev/tty into rootless containers

[NO NEW TESTS NEEDED] Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2165875 Signed-off-by: Martin Roukala (né Peres) <[email protected]>
giuseppe · Jan 31, 2023 · d10860a · d10860a
1 parent 8a34240
commit d10860a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
@@ -117,11 +117,12 @@ func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
 			 *              the rootless containers for security reasons, and
 			 *              the container runtime will create it for us
 			 *              anyway (ln -s /dev/pts/ptmx /dev/ptmx);
+			 *   /dev/tty and
 			 *   /dev/tty[0-9]+: Prevent the container from taking over the host's
 			 *                   virtual consoles, even when not in systemd mode
 			 *                   for backwards compatibility.
 			 */
-			if d.Path == "/dev/ptmx" || isVirtualConsoleDevice(d.Path) {
+			if d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path) {
 				continue
 			}
 			if _, found := mounts[d.Path]; found {