[Lxc-users] LVM logical volume in container

Serge Hallyn serge.hallyn at canonical.com
Thu Apr 14 22:51:22 UTC 2011


Quoting Benjamin Kiessling (mittagessen at l.unchti.me):
> Hi,
> 
> I've got several logical volumes in /dev/vms/ and want to assign each of those
> lv to a single LXC container, i.e. I have vm0 and vm1 and want vm0 to have
> access to only /dev/vms/vm0 (and vm1 to /dev/vms/vm1). Is there a way to do
> this securely and without too much hassle? I tried bind mounts but couldn't
> get it working as they only work with directories.

I assume you're not wanting to use this as the container's rootfs, just to
mount it while logged into the container?

You just add its major/minor number to the devices whitelist in the container
config file.  For instance, I have some lvms:

serge at sergelap:~$ ls -l /dev/lxc
total 0
lrwxrwxrwx 1 root root 7 2011-04-13 15:26 karmic -> ../dm-2
lrwxrwxrwx 1 root root 8 2011-04-13 15:52 l1 -> ../dm-11
lrwxrwxrwx 1 root root 7 2011-04-13 15:52 l3 -> ../dm-5
lrwxrwxrwx 1 root root 7 2011-04-13 15:52 lucid -> ../dm-0
lrwxrwxrwx 1 root root 7 2011-04-13 15:26 maverick -> ../dm-1
lrwxrwxrwx 1 root root 7 2011-04-13 15:26 natty -> ../dm-4
lrwxrwxrwx 1 root root 7 2011-04-13 15:26 nattylxcguest -> ../dm-8

The lvm called 'karmic' in vgroup 'lxc' is actually dm-2.

serge at sergelap:~$ ls -l /dev/dm-2
brw-rw---- 1 root disk 252, 2 2011-04-13 15:26 /dev/dm-2

So I would allow a container 'natty' to mount it by editing
/var/lib/lxc/natty/config, and adding this line:

lxc.cgroup.devices.allow = b 252:2 rwm

-serge
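
Added example, not part of Serge's message: a shell function that performs the lookup described above (follow the /dev/<vg>/<lv> symlink, read the node's major/minor, emit the whitelist line). The function name devices_allow_line and the optional access argument are assumptions of this example; it assumes a Linux stat that supports -c, and it also accepts character devices, which goes slightly beyond the block-device case in the thread.

```shell
#!/bin/sh
# Added example: print the devices-whitelist line for one device node.
# Usage: devices_allow_line <device-path> [access]   (access defaults to rwm)
# The function name and the access argument are hypothetical, not from the post.
devices_allow_line() {
    dev=$1
    access=${2:-rwm}

    # Access must be a non-empty combination of r (read), w (write), m (mknod).
    case $access in
        ''|*[!rwm]*) echo "bad access string: $access" >&2; return 2 ;;
    esac

    # [ -b ] and [ -c ] follow symlinks, so /dev/<vg>/<lv> resolves to its dm-N node.
    if [ -b "$dev" ]; then
        type=b
    elif [ -c "$dev" ]; then
        type=c
    else
        # Refuse regular files and directories rather than emit a bogus rule.
        echo "$dev is not a device node" >&2
        return 1
    fi

    # stat prints major (%t) and minor (%T) in hex; -L dereferences the symlink.
    hex=$(stat -L -c '%t %T' "$dev") || return 1
    major=$(printf '%d' "0x${hex% *}")
    minor=$(printf '%d' "0x${hex#* }")

    printf 'lxc.cgroup.devices.allow = %s %d:%d %s\n' \
        "$type" "$major" "$minor" "$access"
}

# Example call with the volume path from the post:
#   devices_allow_line /dev/lxc/karmic >> /var/lib/lxc/natty/config
```

Passing a narrower access string such as rw withholds mknod from the container. Device-mapper minor numbers are assigned when a volume is activated, so regenerate the line if the volume layout changes.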



