From 59daf73a624cc2cafbb5ac5247199c64380f1cd0 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Thu, 7 Sep 2017 15:51:59 +0200 Subject: [PATCH] tpm: move createVTPMs to point after init of config.Namespaces Move the call to createVTPMs() to a point after the config.Namespaces has been initialized. Move the Cgroup creation after the createVTPMs() call, otherwise the Cgroup entries for the /dev/tpm* devices will not be there. Signed-off-by: Stefan Berger --- libcontainer/specconv/spec_linux.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index bd23744bb8f..43e970be0d1 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -194,14 +194,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { if err := setupUserNamespace(spec, config); err != nil { return nil, err } - if err := createVTPMs(spec, config); err != nil { - return nil, err - } - c, err := createCgroupConfig(opts) - if err != nil { - return nil, err - } - config.Cgroups = c // set linux-specific config if spec.Linux != nil { if config.RootPropagation, exists = mountPropagationMapping[spec.Linux.RootfsPropagation]; !exists { @@ -237,6 +229,14 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { config.Seccomp = seccomp } } + if err := createVTPMs(spec, config); err != nil { + return nil, err + } + c, err := createCgroupConfig(opts) + if err != nil { + return nil, err + } + config.Cgroups = c if spec.Process.SelinuxLabel != "" { config.ProcessLabel = spec.Process.SelinuxLabel }