<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
<div>Hello,</div>
<div> </div>
<div>Currently I try to create an lxc-application container which needs access to a GPIO. The GPIO can be accessed over the sysfs:</div>
<div>/sys/class/gpio</div>
<div> </div>
<div>The container will be executed with lxc-execute (for development I mounted the whole bin directory into the container in order to start a bash):</div>
<div>
<div> </div>
<div>sudo lxc-execute -n gpio-client -f /var/proj/gpio-client/lxc.conf -- bin/bash</div>
<div> </div>
<div> </div>
<div>When I do that with a privileged container everything is fine. I can access the gpio (export/unexport and read/write) without any problems.</div>
<div>Here are the mount entries of lxc.conf for that:</div>
<div>
<div> </div>
<div>lxc.rootfs = /var/proj/gpio-client/rootfs<br/>
# mount needed directories from host<br/>
lxc.mount.entry=/lib lib none ro,bind 0 0<br/>
lxc.mount.entry=/sys/class/gpio sys/class/gpio none rw,bind 0 0<br/>
lxc.mount.entry=/sys/devices sys/devices none rw,bind 0 0<br/>
lxc.mount.entry=/usr/lib usr/lib none ro,bind 0 0<br/>
lxc.mount.entry=/bin bin none ro,bind 0 0</div>
<div> </div>
<div> </div>
<div>But when I add a uid/gid-mapping like the following it doesn't work any longer:</div>
<div>
<div> </div>
<div>lxc.id_map = u 0 1000000 65536<br/>
lxc.id_map = g 0 1000000 65536</div>
<div> </div>
<div> </div>
<div>I also added the entries in /etc/subuid and /etc/subgid. Further I changed the group of /sys/class/gpio (and its subdirectories) to a new group called "gpio":</div>
<div>
<div> </div>
<div>zedboard-zynq7:/sys/class/gpio$ ls -l<br/>
total 0<br/>
--w-rw---- 1 root gpio 4096 Feb 20 12:48 export<br/>
lrwxrwxrwx 1 root gpio 0 Feb 20 12:43 gpio890 -> ../../devices/gpiochip2/gpio/gpio890<br/>
lrwxrwxrwx 1 root gpio 0 Feb 20 12:48 gpio898 -> ../../devices/gpiochip1/gpio/gpio898<br/>
lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip890 -> ../../devices/gpiochip2/gpio/gpiochip890<br/>
lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip898 -> ../../devices/gpiochip1/gpio/gpiochip898<br/>
lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip906 -> ../../devices/soc0/amba/e000a000.gpio/gpio/gpiochip906<br/>
--w-rw---- 1 root gpio 4096 Feb 20 12:41 unexport</div>
<div> </div>
<div> </div>
</div>
<div>
<div>I created a user gpio-user with the uid 1000000 which was added to the group gpio. When I login as gpio-user I am able to access gpios. But when I execute the (now unprivileged) application-container I cannot access the gpios any longer. From the bash inside the container I can see that the direcotry /sys/class/gpio (and its subdirs) has a completly different owner/group:</div>
<div>
<div>
<div> </div>
<div>zedboard-zynq7:/var/proj/gpio-client$ sudo lxc-execute -n gpio-client -f /var/proj/gpio-client/lxc.conf -- bin/bash<br/>
init.lxc.static: initutils.c: mount_fs: 36 failed to mount /proc : Operation not permitted<br/>
init.lxc.static: initutils.c: mount_fs: 36 failed to mount /dev/mqueue : No such device<br/>
bash: cannot set terminal process group (1): Inappropriate ioctl for device<br/>
bash: no job control in this shell</div>
</div>
<div>bash-4.3# cd /sys/class/<br/>
bash-4.3# ls -l<br/>
total 0<br/>
drwxrwxr-x 2 65534 65534 0 Feb 20 12:48 gpio</div>
</div>
<div> </div>
<div> </div>
<div>I hope you can give me some advise of how to solve the problem</div>
<div> </div>
<div>Best regards</div>
<div>Sebastian Schwanewilms</div>
<div> </div>
</div>
<div> </div>
</div>
</div>
<div> </div>
</div>
</div></div></body></html>