From d10860a323f31270a00f0aa76aa23390f6627a51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Roukala=20=28n=C3=A9=20Peres=29?=
Date: Tue, 31 Jan 2023 20:54:26 +0200
Subject: [PATCH] Do not mount /dev/tty into rootless containers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[NO NEW TESTS NEEDED]

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2165875

Signed-off-by: Martin Roukala (né Peres)
---
 pkg/util/utils_linux.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index 468524405d..c094beac75 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -117,11 +117,12 @@ func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
  * the rootless containers for security reasons, and
  * the container runtime will create it for us
  * anyway (ln -s /dev/pts/ptmx /dev/ptmx);
+ * /dev/tty and
  * /dev/tty[0-9]+: Prevent the container from taking over the host's
  * virtual consoles, even when not in systemd mode
  * for backwards compatibility.
  */
- if d.Path == "/dev/ptmx" || isVirtualConsoleDevice(d.Path) {
+ if d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path) {
  continue
  }
  if _, found := mounts[d.Path]; found {
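Review bot: The added comment line files /dev/tty under the existing "/dev/tty[0-9]+: Prevent the container from taking over the host's virtual consoles" rationale, but /dev/tty is the controlling-terminal alias of the calling process (char 5:0), not a virtual console, so the stated reason does not explain why the new exclusion is correct. I would give it its own entry in the comment block, e.g. ` * /dev/tty: the caller's controlling terminal; if, as with /dev/ptmx above, the runtime creates it anyway, bind-mounting the host node is unnecessary (see the linked bugzilla);`, adjusted to whatever failure RHBZ 2165875 actually reports, which is not visible here. As a style point, the `d.Path == "/dev/ptmx" || d.Path == "/dev/tty" || isVirtualConsoleDevice(d.Path)` chain is now three cases and would read better as a `switch` or a small predicate such as `isRootlessSkippedDevice(d.Path)`, which would also be a natural place for the table test the commit declines to add. The enclosing AddPrivilegedDevices and the comment block both start before this hunk.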