From a9d5377bd976bfbdc285b859e08a52a93c41f541 Mon Sep 17 00:00:00 2001
From: Snir Sheriber <ssheribe@redhat.com>
Date: Wed, 3 Nov 2021 14:04:59 +0200
Subject: [PATCH] cgroups: pass vhost-vsock device to cgroup

for the sandbox cgroup

Backport-from: #2959
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
---
 src/runtime/virtcontainers/pkg/cgroups/cgroups.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/runtime/virtcontainers/pkg/cgroups/cgroups.go b/src/runtime/virtcontainers/pkg/cgroups/cgroups.go
index 978266711c..2e243a3868 100644
--- a/src/runtime/virtcontainers/pkg/cgroups/cgroups.go
+++ b/src/runtime/virtcontainers/pkg/cgroups/cgroups.go
@@ -53,9 +53,10 @@ func sandboxDevices() []specs.LinuxDeviceCgroup {
 	// In order to run Virtual Machines and create virtqueues, hypervisors
 	// need access to certain character devices in the host, like kvm and vhost-net.
 	hypervisorDevices := []string{
-		"/dev/kvm",       // To run virtual machines
-		"/dev/vhost-net", // To create virtqueues
-		"/dev/vfio/vfio", // To access VFIO devices
+		"/dev/kvm",         // To run virtual machines
+		"/dev/vhost-net",   // To create virtqueues
+		"/dev/vfio/vfio",   // To access VFIO devices
+		"/dev/vhost-vsock", // To interact with vsock if
 	}
 
 	defaultDevices = append(defaultDevices, hypervisorDevices...)