From 03b3ec1dd52bb45eaa73864b62177c13c348c639 Mon Sep 17 00:00:00 2001
From: wenlxie
Date: Fri, 9 Feb 2018 16:03:08 +0800
Subject: [PATCH] make --device works at privileged mode
Signed-off-by: wenlxie
---
 daemon/container.go | 16 ++++++++++++++++
 daemon/oci_linux.go | 1 +
 2 files changed, 17 insertions(+)
diff --git a/daemon/container.go b/daemon/container.go
index a82d60c268..ed4f80ae9e 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -275,6 +275,22 @@ func validateHostConfig(hostConfig *containertypes.HostConfig, platform string)
 if hostConfig == nil {
 return nil
 }
+
+ if hostConfig.Privileged {
+ for _, deviceMapping := range hostConfig.Devices {
+ if deviceMapping.PathOnHost == deviceMapping.PathInContainer {
+ continue
+ }
+ if _, err := os.Stat(deviceMapping.PathInContainer); err != nil {
+ if os.IsNotExist(err) {
+ continue
+ }
+ return errors.Wrap(err, "error stating device path in container")
+ }
+ return errors.Errorf("container device path: %s must be different from any host device path for privileged mode containers", deviceMapping.PathInContainer)
+ }
+ }
+
 if hostConfig.AutoRemove && !hostConfig.RestartPolicy.IsNone() {
 return errors.Errorf("can't create 'AutoRemove' container with restart policy")
 }
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index 65d2e48ef7..780844cf9d 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -16,6 +16,7 @@ import (
 containertypes "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/container"
 daemonconfig "github.com/docker/docker/daemon/config"
+ "github.com/docker/docker/errdefs"
 "github.com/docker/docker/oci"
 "github.com/docker/docker/oci/caps"
 "github.com/docker/docker/pkg/idtools"
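Review bot: The `os.Stat(deviceMapping.PathInContainer)` check in the new privileged branch discards the FileInfo, so any path that exists on the daemon host (a regular file or a directory, not only a device node) is rejected with the "must be different from any host device path" error. Keeping the result and skipping non-devices would match the message: `fi, err := os.Stat(deviceMapping.PathInContainer)` followed by `if fi.Mode()&os.ModeDevice == 0 { continue }`. The path comes from the request and is resolved, symlinks included, in the daemon's own filesystem view at validation time, so the branch deserves a comment saying this is a host-side lookup and that the set of host devices can change before the container starts. Errors other than not-exist (ENOTDIR, for example) currently fail the request with "error stating device path in container"; it is worth deciding whether those should also `continue`. validateHostConfig begins and ends outside the hunk.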
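Review bot: The added `"github.com/docker/docker/errdefs"` import has no matching use in this patch, since the diffstat lists this one line as the only change to daemon/oci_linux.go. Unless the file already refers to `errdefs` elsewhere, Go will refuse to compile it with an unused-import error. If the intent was to classify the new device-path rejection as a client error rather than a generic one, that wrapping belongs next to the `errors.Errorf` call in daemon/container.go; otherwise the import should be dropped.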