[Lxc-users] udev
Osvaldo Filho
arquivostcf at gmail.com
Sat Jul 31 01:51:02 UTC 2010
Ok but ...
and the "lxc-console" problem?
2010/7/30 C Anthony Risinger <anthony at extof.me>:
> (sorry for top post... mobiles don't make it easy otherwise)
>
> Yes it would be better if you deny all, then specifically allow any
> devices the container needs [to create].
>
> Also, private devpts is already possible... just add "newinstance" to
> devpts mount options; you should also do this for the host, and
> ensure /dev/ptmx is a symlink to /dev/pts/ptmx for both host and
> containers.
>
> C Anthony [mobile]
>
> On Jul 30, 2010, at 8:21 PM, "Serge E. Hallyn" <serge.hallyn at canonical.com
> > wrote:
>
>> Quoting Osvaldo Filho (arquivostcf at gmail.com):
>>> The problem is with config file, on lxc-create
>>> lxc.cgroup.devices.deny = a
>>>
>>> Solved.
>>
>> That's ok if you don't mind, but not the generally preferred
>> solution, since without a custom selinux or smack policy you
>> don't have anything else protecting your devices.
>>
>> -serge
>>
>> ---
>> ---
>> ---
>> ---------------------------------------------------------------------
>> The Palm PDK Hot Apps Program offers developers who use the
>> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
>> of $1 Million in cash or HP Products. Visit us here for more details:
>> http://p.sf.net/sfu/dev2dev-palm
>> _______________________________________________
>> Lxc-users mailing list
>> Lxc-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lxc-users
>
More information about the lxc-users
mailing list