 package oci
 import (
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 // Device transforms a libcontainer configs.Device to a specs.Device object.
 func Device(d *configs.Device) specs.Device {
 	return specs.Device{
 		Type:     string(d.Type),
 		Path:     d.Path,
 		Major:    d.Major,
 		Minor:    d.Minor,
 		FileMode: fmPtr(int64(d.FileMode)),
 		UID:      u32Ptr(int64(d.Uid)),
 		GID:      u32Ptr(int64(d.Gid)),
 func deviceCgroup(d *configs.Device) specs.DeviceCgroup {
 	t := string(d.Type)
 	return specs.DeviceCgroup{
 		Allow:  true,
 		Type:   &t,
 		Major:  &d.Major,
 		Minor:  &d.Minor,
 		Access: &d.Permissions,
 // DevicesFromPath computes a list of devices and device permissions from paths (pathOnHost and pathInContainer) and cgroup permissions.
 func DevicesFromPath(pathOnHost, pathInContainer, cgroupPermissions string) (devs []specs.Device, devPermissions []specs.DeviceCgroup, err error) {
 	resolvedPathOnHost := pathOnHost
 	// check if it is a symbolic link
 	if src, e := os.Lstat(pathOnHost); e == nil && src.Mode()&os.ModeSymlink == os.ModeSymlink {
 		if linkedPathOnHost, e := filepath.EvalSymlinks(pathOnHost); e == nil {
 			resolvedPathOnHost = linkedPathOnHost
 	device, err := devices.DeviceFromPath(resolvedPathOnHost, cgroupPermissions)
 	// if there was no error, return the device
 	if err == nil {
 		device.Path = pathInContainer
 		return append(devs, Device(device)), append(devPermissions, deviceCgroup(device)), nil
 	// if the device is not a device node
 	// try to see if it's a directory holding many devices
 	if err == devices.ErrNotADevice {
 		// check if it is a directory
 		if src, e := os.Stat(resolvedPathOnHost); e == nil && src.IsDir() {
 			// mount the internal devices recursively
 			filepath.Walk(resolvedPathOnHost, func(dpath string, f os.FileInfo, e error) error {
 				childDevice, e := devices.DeviceFromPath(dpath, cgroupPermissions)
 				if e != nil {
 					// ignore the device
 					return nil
 				// add the device to userSpecified devices
 				childDevice.Path = strings.Replace(dpath, resolvedPathOnHost, pathInContainer, 1)
 				devs = append(devs, Device(childDevice))
 				devPermissions = append(devPermissions, deviceCgroup(childDevice))
 				return nil
 	if len(devs) > 0 {
 		return devs, devPermissions, nil
 	return devs, devPermissions, fmt.Errorf("error gathering device information while adding custom device %q: %s", pathOnHost, err)