[Lxc-users] mknod after instance creation?
Stéphane Graber
stgraber at ubuntu.com
Mon Nov 7 01:15:48 UTC 2011
On 11/05/2011 11:51 AM, Gordon Henderson wrote:
> On Sat, 5 Nov 2011, Daniel Lezcano wrote:
>
>> On 11/05/2011 12:06 AM, Dong-In David Kang wrote:
>>> Hi,
>>>
>>> Is it possible to do "mknod" after creation of an LXC
>>> instance? I need to do "mknod" not only at bootup time, but
>>> also at run-time. This is needed when I want to dynamically add
>>> devices to LXC instance. Is it possible? If it is, how can I do
>>> it?
>>>
>>> I've seen the case of "mknod" at bootup time of an LXC
>>> instance. But, I haven't seen the usage of "mknod" at run-time
>>> after boot-up. Is it the limitation of LXC?
>>
>> Just comment out the lxc.cgroup.devices.* lines in the
>> configuration file.
>
> Yup - same issue I had a few days ago.
>
> However it also helped me yesterday too when I had been given a
> vmware instance to extract some data from - I managed to unpack it
> into a regular filesystem, then on a whim, I decided to run it up
> under LXC - it kicked off udev which mknods, so letting it do that
> made it work OK - actually work very OK after I tweaked a few
> things in the startup scripts to stop it grabbing the console, so
> much so that the people I was doing it for want to keep it going
> for a while rather than extract the data and import it into their
> new system - it turned out to be an FC11 image - my host is
> Debian!
>
> Gordon
You may want to apply the change I submitted to lxc-devel a few days ago:
- ---
templates/lxc-ubuntu.in | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 4f44b03..2be8680 100644
- --- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -179,9 +179,12 @@ lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount = $path/fstab
lxc.arch = $arch
- -lxc.cap.drop = sys_module mac_override mac_admin
+lxc.cap.drop = sys_module
lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
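Review bot: The `lxc.cap.drop` line stops dropping `mac_override` and `mac_admin`, and nothing in this hunk says why; the added comment covers only the two `m` rules. Handing two MAC capabilities back to the container is a separate privilege change from permitting mknod, so it should either go in its own patch or carry a comment above `lxc.cap.drop = sys_module` stating the reason. For the new rules, the comment "Allow any mknod (but not using the node)" would be clearer if it said that read and write access still require an explicit allow entry further down, since `c *:* m` and `b *:* m` sit directly after `lxc.cgroup.devices.deny = a`.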
- --
1.7.7
This will allow any mknod to succeed but won't grant access to the
created devices unless whitelisted. This should solve most of the
runtime issues I noticed (upgrading udev being one of them).
- --
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
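
To see what the rule set in the patch above permits, here is an added example (not part of the original message and not LXC code) that models the devices cgroup allow list for the lines visible in the patch. The function names and the simplified matching (one allow entry must cover every requested access letter, and only `deny = a` is handled) are assumptions of this example.

```python
import re

# Constructed sample: the device rules from the patched template above,
# in file order (only the lines visible in the patch).
SAMPLE_CONFIG = """\
lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
"""

RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse_rules(config):
    """Build the allow list, in order, from lxc.cgroup.devices.* lines."""
    allowed = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        action, value = m.group(1), m.group(2).split()
        if value == ["a"]:
            # "deny = a" clears the list; "allow = a" permits everything
            allowed = [] if action == "deny" else [("a", "*", "*", "rwm")]
            continue
        if action == "deny":
            raise ValueError("model handles only 'deny = a': " + line)
        dev_type, numbers, access = value
        major, minor = numbers.split(":")
        allowed.append((dev_type, major, minor, access))
    return allowed

def permitted(allowed, dev_type, major, minor, access):
    """True if one allow entry covers every requested access letter."""
    for r_type, r_major, r_minor, r_access in allowed:
        if (r_type in ("a", dev_type) and r_major in ("*", str(major))
                and r_minor in ("*", str(minor))
                and set(access) <= set(r_access)):
            return True
    return False

def audit(config, dev_type, major, minor):
    """Report whether a node can be created (m), read (r) and written (w)."""
    allowed = parse_rules(config)
    return {op: permitted(allowed, dev_type, major, minor, op) for op in "mrw"}
```

For a block device such as 8:0, `audit(SAMPLE_CONFIG, "b", 8, 0)` reports mknod as permitted and read and write as denied, which is the behaviour the message describes.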