<div dir="ltr">Thanks again. Is there a good place to look for an explanation of the settings you gave me before?<div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px">lxc.cgroup.devices.allow = c 10:236 rwm</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">lxc.cgroup.devices.allow = b 252:* rwm</span><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jan 16, 2014 at 2:02 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Quoting Jeremiah Snapp (<a href="mailto:jeremiah.snapp@gmail.com">jeremiah.snapp@gmail.com</a>):<br>
> Thanks Serge! I actually just found out in IRC that further in my config I<br>
> was denying access. Once I allowed access it works fine.<br>
><br>
> Yours is the second warning I've received about using LVM in a container.<br>
> I don't know the details of the concern but can you tell me if it would<br>
> require human error to cause problems?<br>
<br>
</div>Well human error would help :) But also allowing the container to have<br>
all the privileges it needs to do lvm+mounting means that anything in<br>
the continer could mess with the host.<br>
<div class="im"><br>
> I'm not using this in production by<br>
> the way. These are throw away test containers.<br>
<br>
</div>If it's also a throw away test host, then there's nothing to worry<br>
about.<br>
<div class="im"><br>
> The app installed inside<br>
> requires an LVM volume.<br>
<br>
</div>Nothing *should* go wrong :) It's just that by having access to the<br>
host disk devices, any malware/bugs in the container can easily hose<br>
your host, replace your /sbin/init, etc.<br>
<div class="HOEnZb"><div class="h5"><br>
-serge<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
</div></div></blockquote></div><br></div>