[lxc-devel] Device Namespaces
Michael J Coss
michael.coss at alcatel-lucent.com
Wed Oct 2 00:20:32 UTC 2013
On 10/1/2013 4:46 PM, Serge Hallyn wrote:
> I thought the suggestion was that udev on the host would be given
> container-specific rules, saying "plop this device into /dev/container1/"
> (with /dev/container1 being bind-mounted to $container1_rootfs/dev).
>
> -serge
At least for my use case this isn't sufficient. I need to have the
uevents actually propagated to the container. I'm running an Xserver in
the container, and I need the keyboard/mouse/display add/remove to show
up as udev events so X will use the appropriate devices. Further, I
can't have *all* uevents propagated to *all* containers, because X will
want to use all the devices.

Kernel changes are required to stop the broadcast of uevents to all
kernel socket listeners in all namespaces. And a minor addition is
needed to be able to forward a given event to any listeners within a
given namespace. A user space daemon can filter events and forward them
to the appropriate containers.

You still have to fix the /dev in the container, and I put a local dev
directory in /etc/lxc/<container> and bind mount to allow my systemd
container to actually run udev, and have a custom /dev directory.
--
---Michael J Coss
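
Added example, not part of the original message or of LXC: a sketch of the filtering step that a user space daemon like the one described above could apply, parsing the kernel's uevent datagram format and choosing which containers may receive each event. The container names, device paths, policy table and all function names are assumptions; the forwarding itself depends on the kernel addition mentioned in the message and is not shown.

```python
from fnmatch import fnmatchcase

def parse_uevent(buf: bytes) -> dict:
    """Parse a kernel uevent datagram: b'action@devpath\\0KEY=VALUE\\0...'."""
    fields = [f for f in buf.split(b"\0") if f]
    if not fields or b"@" not in fields[0]:
        # e.g. udevd's own rebroadcast, which starts with b"libudev\0"
        raise ValueError("not a kernel uevent")
    action, devpath = fields[0].decode().split("@", 1)
    env = dict(f.decode().split("=", 1) for f in fields[1:] if b"=" in f)
    if env.get("ACTION") != action or env.get("DEVPATH") != devpath:
        raise ValueError("header disagrees with ACTION/DEVPATH")
    return env

# Constructed policy: container -> (SUBSYSTEM, DEVPATH glob) pairs it may receive.
POLICY = {
    "container1": [("input", "/devices/pci0000:00/usb1/1-1/*"),
                   ("drm", "/devices/pci0000:00/0000:00:02.0/*")],
    "container2": [("input", "/devices/pci0000:00/usb1/1-2/*")],
}

def route(env: dict, policy: dict = POLICY) -> list:
    """Containers that should receive this event; default is none."""
    return sorted(
        name for name, rules in policy.items()
        if any(env.get("SUBSYSTEM") == sub and fnmatchcase(env["DEVPATH"], pat)
               for sub, pat in rules))

def make_uevent(action: str, devpath: str, subsystem: str) -> bytes:
    """Build a constructed sample in the kernel's wire format."""
    env = [f"ACTION={action}", f"DEVPATH={devpath}", f"SUBSYSTEM={subsystem}"]
    return "\0".join([f"{action}@{devpath}"] + env).encode() + b"\0"

SAMPLES = {  # constructed events, not captured from a real system
    "kbd1": make_uevent("add", "/devices/pci0000:00/usb1/1-1/input/input5", "input"),
    "kbd2": make_uevent("add", "/devices/pci0000:00/usb1/1-2/input/input6", "input"),
    "disk": make_uevent("add", "/devices/pci0000:00/usb1/1-1/host4/sda", "block"),
    "udevd": b"libudev\0" + b"\xfe\xed\xca\xfe" + b"\0" * 8,
}

def decide(buf: bytes) -> list:
    """Routing decision for one datagram; anything unparseable goes nowhere."""
    try:
        return route(parse_uevent(buf))
    except ValueError:
        return []

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(name, "->", decide(buf) or "dropped")
```

The policy is default-deny: an event reaches a container only when both its subsystem and its device path match a rule, so a block device on the same USB port as container1's keyboard is still dropped.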