Use mask definitions from containers/common @rhatdan

[rhatdan]

What type of PR is this?

/kind api-change
/kind bug
/kind cleanup
/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake
/kind other

What this PR does / why we need it:

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

The /sys/devices/virtual/powercap is now masked over during builds.

[rhatdan]

@mheon PTAL

[mheon]

LGTM

[nalind]

This appears to allow the rest of /sys/dev, which we didn't before.

[rhatdan]

Podman switched from /sys/dev to /sys/dev/block a while ago. So I went with the Podman default.

[nalind]

Is it correct for build-time as well as run-time?

[rhatdan]

I would figure. Are concerned about access to content in /sys/dev? Note this is looser then buildah had before.

[nalind]

It being looser is what prompted my question. containers/podman#6957 masked all of /sys/dev without being more specific about what under it mattered, containers/podman#8408 narrowed the default to /sys/dev/block, and https://github.com/containers/podman/issues/12746 is asking to unmask the only part under it that we're still going to be masking.

[rhatdan]

Yup, just going for consistency now.

[rhatdan]

@flouthoc @nalind @giuseppe @vrothberg PTAL

[flouthoc]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: flouthoc, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [flouthoc,rhatdan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nalind]

/cherry-pick release-1.32

[openshift-cherrypick-robot]

@nalind: containers/podman#5111 failed to apply on top of branch "release-1.32":

Applying: Vendor in latest containers/common
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/github.com/containers/common/pkg/config/default.go
M	vendor/github.com/onsi/gomega/CHANGELOG.md
M	vendor/github.com/onsi/gomega/gomega_dsl.go
M	vendor/github.com/onsi/gomega/matchers.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/github.com/onsi/gomega/matchers.go
CONFLICT (content): Merge conflict in vendor/github.com/onsi/gomega/matchers.go
Auto-merging vendor/github.com/onsi/gomega/gomega_dsl.go
CONFLICT (content): Merge conflict in vendor/github.com/onsi/gomega/gomega_dsl.go
Auto-merging vendor/github.com/onsi/gomega/CHANGELOG.md
CONFLICT (content): Merge conflict in vendor/github.com/onsi/gomega/CHANGELOG.md
Auto-merging vendor/github.com/containers/common/pkg/config/default.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Vendor in latest containers/common
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-1.32

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.