[lxc-devel] Device Namespaces

Michael J Coss michael.coss at alcatel-lucent.com
Wed Oct 2 00:20:32 UTC 2013


On 10/1/2013 4:46 PM, Serge Hallyn wrote:
> I thought the suggestion was that udev on the host would be given
> container-specific rules, saying "plop this device into /dev/container1/"
> (with /dev/container1 being bind-mounted to $container1_rootfs/dev).
>
> -serge
At least for my use case this isn't sufficient.  I need to have the 
uevents actually propagated to the container.  I'm running an Xserver in 
the container, and I need the keyboard/mouse/display add/remove to show 
up as udev events so X will use the appropriate devices.  Further, I 
can't have *all* uevents propagated to *all* containers, because X will 
want to use all the devices.

Kernel changes are required to stop the broadcast of uevents to all 
kernel socket listeners in all namespaces.  And a minor addition is 
needed to be able to forward a given event to any listeners within a 
given namespace.  A user space daemon can filter events and forward them 
to the appropriate containers.

You still have to fix the /dev in the container, and I put a local dev 
directory in /etc/lxc/<container> and bind mount to allow my systemd 
container to actually run udev, and have a custom /dev directory.

-- 
---Michael J Coss
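
The filtering step of the user space daemon described above, as an added example that is not part of the original message or of any LXC code: it parses kernel uevent datagrams and picks the containers allowed to see each one, dropping anything unmatched. The policy table, container names and sample events are constructed assumptions, and the actual delivery into a namespace (which needs the kernel addition the message mentions) is left out.

```python
import fnmatch

# Hypothetical allow-list per container: (SUBSYSTEM, DEVPATH glob) pairs.
POLICY = {
    "container1": [("input", "/devices/*/usb1/1-2/*"), ("drm", "/devices/*/drm/card1")],
    "container2": [("input", "/devices/*/usb1/1-3/*")],
}

def parse_uevent(buf: bytes) -> dict:
    """Parse a kernel uevent: 'ACTION@DEVPATH' then NUL-separated KEY=VALUE."""
    if buf.startswith(b"libudev\0"):
        raise ValueError("udev-format message, not a kernel uevent")
    header, *items = buf.decode("utf-8", "replace").split("\0")
    action, sep, devpath = header.partition("@")
    if not sep or not action or not devpath.startswith("/"):
        raise ValueError("malformed uevent header")
    env = {}
    for item in filter(None, items):
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed KEY=VALUE field")
        env[key] = value
    # Header and payload must agree before any routing decision is made.
    if env.get("ACTION") != action or env.get("DEVPATH") != devpath:
        raise ValueError("header and payload disagree")
    return env

def route(env: dict, policy: dict = POLICY) -> list:
    """Containers whose allow-list matches the event; no match, no delivery."""
    return sorted(
        name for name, rules in policy.items()
        if any(env.get("SUBSYSTEM") == subsystem
               and fnmatch.fnmatchcase(env["DEVPATH"], pattern)
               for subsystem, pattern in rules)
    )

def sample(action: str, devpath: str, subsystem: str) -> bytes:
    """Build a constructed uevent datagram in the kernel's wire layout."""
    fields = [f"{action}@{devpath}", f"ACTION={action}", f"DEVPATH={devpath}",
              f"SUBSYSTEM={subsystem}", "SEQNUM=2101"]
    return ("\0".join(fields) + "\0").encode()

USB = "/devices/pci0000:00/0000:00:14.0/usb1"  # constructed device paths
KEYBOARD = sample("add", USB + "/1-2/1-2:1.0/input/input5", "input")
MOUSE = sample("remove", USB + "/1-3/1-3:1.0/input/input6", "input")
DISK = sample("add", "/devices/pci0000:00/0000:00:1f.2/ata1/host0/block/sda", "block")

if __name__ == "__main__":
    for raw in (KEYBOARD, MOUSE, DISK):
        env = parse_uevent(raw)
        print(env["ACTION"], env["SUBSYSTEM"], "->", route(env) or "dropped")
```

The default is deny: an event reaches a container only when a rule names both its subsystem and its device path, so each X server sees only the input and display devices assigned to it.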




