[Lxc-users] /dev/rtc
Serge Hallyn
serge.hallyn at canonical.com
Wed Aug 11 18:03:39 UTC 2010

Quoting Papp Tamás (tompos at martos.bme.hu):
>
> Daniel Lezcano wrote, On 2010. 08. 09. 0:37:
> > On 08/08/2010 12:23 AM, Papp Tamas wrote:
> >> hi!
> >>
> >> I use the everywhere offered lxc configuration as:
> >>
> >> lxc.cgroup.devices.deny = a
> >> # /dev/null and zero
> >> lxc.cgroup.devices.allow = c 1:3 rwm
> >> lxc.cgroup.devices.allow = c 1:5 rwm
> >> # consoles
> >> lxc.cgroup.devices.allow = c 5:1 rwm
> >> lxc.cgroup.devices.allow = c 5:0 rwm
> >> lxc.cgroup.devices.allow = c 4:0 rwm
> >> lxc.cgroup.devices.allow = c 4:1 rwm
> >> # /dev/{,u}random
> >> lxc.cgroup.devices.allow = c 1:9 rwm
> >> lxc.cgroup.devices.allow = c 1:8 rwm
> >> # /dev/pts/* - pts namespaces are "coming soon"
> >> lxc.cgroup.devices.allow = c 136:* rwm
> >> lxc.cgroup.devices.allow = c 5:2 rwm
> >> # rtc
> >> lxc.cgroup.devices.allow = c 254:0 rwm
> >>
> >>
> >>
> >> Why does the container have write access to /dev/rtc? Why can the
> >> container set the host's time and date setup?
> >>
> >
> > Good point. I think it would be preferable to set it read only in the
> > /dev directory and the container configuration.
> >
>
> Well, I tried it, I set up:
>
> lxc.cgroup.devices.allow = c 254:0 r
>
> Now I have no /dev/rtc0. Why?

I guess the container tried to create it after being moved into the
devices cgroup. You didn't give the container the rights to create that
device.

> Does the container need it anyway?

Well, you tell us - how is your container doing now that it doesn't
have it?

-serge
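
Added example, not part of the original message or of LXC's code: a Python model of the device whitelist built from the `lxc.cgroup.devices.*` lines quoted above, showing that `c 254:0 r` leaves read access but denies both write and mknod (the `m` right needed to create /dev/rtc0). The function names and the simplified matching model are assumptions.

```python
import re

# Assumed, simplified model of the cgroup-v1 devices whitelist:
# a request is allowed when one rule matches type, major and minor
# and grants every requested access letter (r=read, w=write, m=mknod).
RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse(config):
    """Return the whitelist left after applying allow/deny lines in order."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, unrelated keys
        action, value = m.groups()
        fields = value.split()
        if fields[0] == "a":  # 'a' = every device, every access
            rules = [("a", "*", "*", "rwm")] if action == "allow" else []
            continue
        dev_type, numbers, access = fields
        major, minor = numbers.split(":")
        if action == "allow":
            rules.append((dev_type, major, minor, access))
        # per-device deny lines are outside this model and are ignored
    return rules

def allowed(rules, dev_type, major, minor, access):
    """True if one rule covers the device and all requested access letters."""
    for r_type, r_major, r_minor, r_access in rules:
        if r_type not in ("a", dev_type):
            continue
        if r_major not in ("*", str(major)) or r_minor not in ("*", str(minor)):
            continue
        if set(access) <= set(r_access):
            return True
    return False

# Constructed sample configs using the rtc lines quoted in the thread.
BASE = "lxc.cgroup.devices.deny = a\nlxc.cgroup.devices.allow = c 1:3 rwm\n"
ORIGINAL = parse(BASE + "# rtc\nlxc.cgroup.devices.allow = c 254:0 rwm\n")
READ_ONLY = parse(BASE + "# rtc\nlxc.cgroup.devices.allow = c 254:0 r\n")

if __name__ == "__main__":
    for name, rules in (("rwm", ORIGINAL), ("r", READ_ONLY)):
        for op in ("r", "w", "m"):
            print(f"rtc {name:>3}: {op} -> {allowed(rules, 'c', 254, 0, op)}")
```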