From 7b96ad2cf26044827cd0da53d5a0735a31aeab0a Mon Sep 17 00:00:00 2001
From: TDnorthgarden <tdnorthgarden@gmail.com>
Date: Sat, 7 Oct 2023 15:29:43 +0800
Subject: [PATCH] runc update: skip devices

---
 libcontainer/cgroups/fs/devices.go  | 2 +-
 libcontainer/configs/cgroup_unix.go | 2 ++
 update.go                           | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go
index 478b5db..799f062 100644
--- a/libcontainer/cgroups/fs/devices.go
+++ b/libcontainer/cgroups/fs/devices.go
@@ -52,7 +52,7 @@ func readCgroupDeviceMap(dir string) (map[string]bool, error) {
 }
 
 func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
-	if system.RunningInUserNS() {
+	if system.RunningInUserNS() || cgroup.Resources.SkipDevices {
 		return nil
 	}
 
diff --git a/libcontainer/configs/cgroup_unix.go b/libcontainer/configs/cgroup_unix.go
index acf0562..618a43d 100644
--- a/libcontainer/configs/cgroup_unix.go
+++ b/libcontainer/configs/cgroup_unix.go
@@ -130,4 +130,6 @@ type Resources struct {
 
 	// Set class identifier for container's network packets
 	NetClsClassid uint32 `json:"net_cls_classid_u"`
+
+	SkipDevices bool `json:"-"`
 }
diff --git a/update.go b/update.go
index 226a18a..c929f8f 100644
--- a/update.go
+++ b/update.go
@@ -254,6 +254,8 @@ other options are ignored.
 		config.Cgroups.Resources.MemorySwap = *r.Memory.Swap
 		config.Cgroups.Resources.PidsLimit = r.Pids.Limit
 
+		config.Cgroups.Resources.SkipDevices = true
+
 		return container.Set(config)
 	},
 }
-- 
2.27.0