From af821dd3922ceadcbf27c126e12d71da407f3b74 Mon Sep 17 00:00:00 2001
From: Ambrose Chua <ambrose@hey.com>
Date: Sat, 15 May 2021 20:12:00 +0800
Subject: [PATCH] Allow device through cgroupv1/eBPF device filter

---
 runc-wrapper | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/runc-wrapper b/runc-wrapper
index b0a56b9..5ae2fd5 100755
--- a/runc-wrapper
+++ b/runc-wrapper
@@ -11,7 +11,17 @@ if [ -f config.json ]; then
 			"source": "/dev/kvm",
 			"options": [ "bind", "rw" ]
 		}
+	] |
+	.linux.resources.devices |= . + [
+		{
+			"allow": true,
+			"type": "c",
+			"major": 10,
+			"minor": 232,
+			"access": "rwm"
+		}
 	]' config.old.json > config.json
+	cp config.json /tmp/config.json
 fi
 
 exec $RUNC "$@"