[Lxc-users] Hiding PCI devices inside the container
Serge Hallyn
serge.hallyn at canonical.com
Wed Jun 29 19:58:05 UTC 2011
Quoting Devendra K. Modium (dmodium at isi.edu):
> Hi
>
> Please let me know is it possible to hide PCI devices inside the container.
> Although I used the cgroups.deny=a option in the configuration script.
> When I run the command lspci inside container, I can see all the devices connected to host machine.
>
> Please let me know if I can avoid it someway or is there any development going on currently.
Not currently possible. Things that would help this are /proc and
/sys filtering and device namespaces. Daniel was looking into a
/proc filtering approach recently, but noone is working on device
namespaces that I know of.
More information about the lxc-users
mailing list