podman: cannot assign device path with colon

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

There is no way to escape colons in paths provided in podman run --device ...

Steps to reproduce the issue:

  1. Find some device with colons or make one. /dev/*/by-path are good candidates:

     $ ls -l /dev/*/*by*/*:*
     lrwxrwxrwx 1 root root  9 Sep 16 16:08 /dev/disk/by-id/usb-Generic-_Micro_SD_M2_058F84688461-0:1 -> ../../sdb
     lrwxrwxrwx 1 root root  9 Sep 16 16:08 /dev/disk/by-id/usb-Generic-_SD_MMC_058F84688461-0:0 -> ../../sda
     lrwxrwxrwx 1 root root  9 Sep 16 16:08 /dev/disk/by-path/pci-0000:00:14.0-usb-0:2.1:1.0-scsi-0:0:0:0 -> ../../sda
     lrwxrwxrwx 1 root root  9 Sep 16 16:08 /dev/disk/by-path/pci-0000:00:14.0-usb-0:2.1:1.0-scsi-0:0:0:1 -> ../../sdb
     lrwxrwxrwx 1 root root 13 Jul 27 11:00 /dev/disk/by-path/pci-0000:3d:00.0-nvme-1 -> ../../nvme0n1
     ...

  2. Try to pass it to a container with podman run --device=/dev/... image

Describe the results you received:

stat xxx: no such file or directory with path truncated before colon. Nothing I could think of as escape worked.

Describe the results you expected:

There should be a way of not splitting at colons, e.g. by allowing escapes or encoding : differently (à la systemd-escape, e.g. : -> \x3a ?)

Additional information you deem important (e.g. issue happens only occasionally):

Workaround: do lookup manually and create with mknod or link destination, and use another fixed path within container.

Solution: iiuc the fix would be in ParseDevice in pkg/specgen/generate/config_linux.go, replacing strings.Split(device, ":") by something slightly smarter. I didn’t try.

Output of podman version:

tried on 3.2.3 but the code is still the same as of today’s master 8e2d25e937

About this issue

  • State: open
  • Created 3 years ago
  • Comments: 18 (9 by maintainers)

Most upvoted comments

Well I believe we currently stat the device if all of the information is not provided, like major/minor number.

Bottom line is this is something we should support.

Using CSV seems like a better alternative. Now we just need someone to implement it. My point is that this is a bug and something that we should fix.

We could change the code to see if a device on the host exists with the name with colons before splitting it.

Check if --device /dev/iio:device0:/dev/device0:rw

Could check if a device named

  /dev/iio:device0:/dev/device0:rw
  /dev/iio:device0:/dev/device0
  /dev/iio:device0
  /dev/iio

on the host and then interpret the remainder of the option.
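
The lookup proposed in the comment above (try the longest colon-delimited prefix that exists on the host, then interpret the remainder of the option) can be sketched as follows. This is an added example, not podman's ParseDevice or any commenter's code; SplitDeviceSpec, validMode and hostExists are hypothetical names, and the injectable exists callback is an assumption made so the logic can be exercised without real devices.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// validMode reports whether s consists only of the characters r, w and m.
func validMode(s string) bool {
	return s != "" && strings.Trim(s, "rwm") == ""
}

// SplitDeviceSpec (hypothetical helper) parses host[:container][:perms],
// taking the longest colon-joined prefix that exists on the host as the
// host path. exists is injectable so the logic can be tested offline.
func SplitDeviceSpec(spec string, exists func(string) bool) (src, dst, perms string, err error) {
	parts := strings.Split(spec, ":")
	for i := len(parts); i >= 1; i-- {
		cand := strings.Join(parts[:i], ":")
		if !exists(cand) {
			continue
		}
		rest := parts[i:]
		perms = "rwm" // default when no mode is given
		if n := len(rest); n > 0 && validMode(rest[n-1]) {
			perms, rest = rest[n-1], rest[:n-1]
		}
		dst = cand // default: same path inside the container
		if len(rest) > 0 {
			dst = strings.Join(rest, ":") // container path may contain colons too
			if !strings.HasPrefix(dst, "/") {
				return "", "", "", fmt.Errorf("invalid container path %q in %q", dst, spec)
			}
		}
		return cand, dst, perms, nil
	}
	return "", "", "", fmt.Errorf("no host device found for %q", spec)
}

// hostExists is the real check; os.Stat follows by-path/by-id symlinks.
func hostExists(p string) bool {
	_, err := os.Stat(p)
	return err == nil
}

func main() {
	fmt.Println(SplitDeviceSpec("/dev/null:/dev/n0:rw", hostExists)) // constructed sample spec
}
```

Because the longest existing prefix wins, the result depends on what exists on the host at parse time, so the resolved host path is worth logging next to the original option.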

hmm, that definitely used to work, but it looks like it’s been broken for a while alright… it does work with volume so I guess it’s not all lost.

For devices now I just gave up and our current recommendation for our users is to just pass /dev as a volume and trust --device-cgroup-rule – it’s not as practical as passing a single device, but it works in practice. Also, if you just really need a single device you can extract major/minor and recreate another node with the same name instead of ln, but that’s a bit heavyweight…

I think @giuseppe's suggestion of using /proc/self/fd/x is more robust, even if it’s a bit of a pain to use and might have side-effects for some devices (some drivers don’t like having a device open multiple times and podman does not close the fd after getting info from that path)

another alternative could be a symlink. You need to clean it up afterwards but at least it doesn’t cause side effects like opening the device earlier