tpm: move createVTPMs to point after init of config.Namespaces

Move the call to createVTPMs() to a point after the config.Namespaces has been initialized. Move the Cgroup creation after the createVTPMs() call, otherwise the Cgroup entries for the /dev/tpm* devices will not be there. Signed-off-by: Stefan Berger <[email protected]>
opencontainers · Sep 8, 2017 · ca2dcb4 · ca2dcb4
1 parent df3d1e6
commit ca2dcb4
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -194,14 +194,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	if err := setupUserNamespace(spec, config); err != nil {
 		return nil, err
 	}
-	if err := createVTPMs(spec, config); err != nil {
-		return nil, err
-	}
-	c, err := createCgroupConfig(opts)
-	if err != nil {
-		return nil, err
-	}
-	config.Cgroups = c
 	// set linux-specific config
 	if spec.Linux != nil {
 		if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists {
@@ -237,6 +229,14 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 			config.Seccomp = seccomp
 		}
 	}
+	if err := createVTPMs(spec, config); err != nil {
+		return nil, err
+	}
+	c, err := createCgroupConfig(opts)
+	if err != nil {
+		return nil, err
+	}
+	config.Cgroups = c
 	if spec.Process.SelinuxLabel != "" {
 		config.ProcessLabel = spec.Process.SelinuxLabel
 	}