kubelet/cm: don't set Devices

Since runc 1.0.0 it is now sufficient to have SkipDevices: true. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-07-23 03:41:45 +00:00 · 2021-05-21 13:53:23 -07:00 · 2021-05-21 13:53:23 -07:00 · e5b434e990
commit e5b434e990
parent eb5df869ba
3 changed files with 0 additions and 30 deletions
--- a/pkg/kubelet/cm/cgroup_manager_linux.go
+++ b/pkg/kubelet/cm/cgroup_manager_linux.go
@ -33,7 +33,6 @@ import (
 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	cgroupsystemd "github.com/opencontainers/runc/libcontainer/cgroups/systemd"
 	libcontainerconfigs "github.com/opencontainers/runc/libcontainer/configs"
-	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
 	"k8s.io/klog/v2"
 	v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"

@ -380,15 +379,6 @@ func getSupportedUnifiedControllers() sets.String {

 func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcontainerconfigs.Resources {
 	resources := &libcontainerconfigs.Resources{
-		Devices: []*libcontainerdevices.Rule{
-			{
-				Type:        'a',
-				Permissions: "rwm",
-				Allow:       true,
-				Minor:       libcontainerdevices.Wildcard,
-				Major:       libcontainerdevices.Wildcard,
-			},
-		},
 		SkipDevices: true,
 	}
 	if resourceConfig == nil {
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@ -38,7 +38,6 @@ import (
 	utilio "k8s.io/utils/io"
 	utilpath "k8s.io/utils/path"

-	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
 	libcontaineruserns "github.com/opencontainers/runc/libcontainer/userns"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@ -396,15 +395,6 @@ func createManager(containerName string) (cgroups.Manager, error) {
 		Parent: "/",
 		Name:   containerName,
 		Resources: &configs.Resources{
-			Devices: []*libcontainerdevices.Rule{
-				{
-					Type:        'a',
-					Permissions: "rwm",
-					Allow:       true,
-					Minor:       libcontainerdevices.Wildcard,
-					Major:       libcontainerdevices.Wildcard,
-				},
-			},
 			SkipDevices: true,
 		},
 	}
--- a/pkg/kubelet/dockershim/cm/container_manager_linux.go
+++ b/pkg/kubelet/dockershim/cm/container_manager_linux.go
@ -28,7 +28,6 @@ import (
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices"
 	utilversion "k8s.io/apimachinery/pkg/util/version"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog/v2"
@ -127,15 +126,6 @@ func createCgroupManager(name string) (cgroups.Manager, error) {
 			Memory:      int64(memoryLimit),
 			MemorySwap:  -1,
 			SkipDevices: true,
-			Devices: []*libcontainerdevices.Rule{
-				{
-					Minor:       libcontainerdevices.Wildcard,
-					Major:       libcontainerdevices.Wildcard,
-					Type:        'a',
-					Permissions: "rwm",
-					Allow:       true,
-				},
-			},
 		},
 	}
 	return cgroupfs.NewManager(cg, nil, false), nil