[Lxc-users] Bug with cgroup devices access rights!?
sfrazt
sfrazt at googlemail.com
Thu Sep 8 20:18:15 UTC 2011
> I use up-to-date aptosid kernel (3.0.4) and tested the cgroup device access
> rights with rtc.
> test:
> - start with no rights for c 254 0 (rtc).
> - start container, terminal and become root (I deleted all rtc-files in
> container before)
> - mknod -600 rtc0 c 254 0 -> not permitted
> - on host: echo 'c 254:0 m' > /cgroup/a/devices.allow
> - mknod works now
> - in container: hwclock -r (read time) doesn't work
> - on host: echo 'c 254:0 r' > /cgroup/a/devices.allow
> - hwclock -r does work now
>
> - cat /cgroup/a/devices.list shows that rtc has only read right
>
> - in container; hwclock --set --date"9/22/96" does work!
> - host hwclock -r shows now the new date!
>
> I'm not sure if it is a bug or strange behaviour. Does it happen only with
> aptosid kernel or is it a general kernel bug?
Problem solved.
/dev/rtc is only used to read the time.
To write the date and time the ioctl function settimeofday is used. To
prevent this you have to drop the capability sys_time.
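
Added example, not part of the original post: after dropping sys_time (in an LXC container config, `lxc.cap.drop = sys_time`), this script checks a process's `/proc/<pid>/status` text to confirm the capability is gone. The function names and the two sample masks are constructed for illustration; 25 is the number of CAP_SYS_TIME in `<linux/capability.h>`.

```shell
#!/bin/sh
# Added example: does a process still hold CAP_SYS_TIME?
CAP_SYS_TIME=25   # capability number from <linux/capability.h>

# cap_field FIELD: read /proc/<pid>/status text on stdin and
# print the hex mask of FIELD (CapEff, CapPrm, CapBnd, ...).
cap_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# has_sys_time FIELD: status text on stdin.
# Returns 0 if the CAP_SYS_TIME bit is set in FIELD,
# 1 if it is cleared, 2 if FIELD is not present in the input.
has_sys_time() {
    mask=$(cap_field "$1")
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $CAP_SYS_TIME) & 1 )) -eq 1 ]
}

# Constructed sample: root process with all 36 capabilities of a 3.0 kernel.
SAMPLE_FULL='Name:	init
CapEff:	0000000fffffffff
CapBnd:	0000000fffffffff'

# Constructed sample: same process started with sys_time dropped (bit 25 cleared).
SAMPLE_DROPPED='Name:	init
CapEff:	0000000ffdffffff
CapBnd:	0000000ffdffffff'

for name in FULL DROPPED; do
    eval "text=\$SAMPLE_$name"
    for field in CapEff CapBnd; do
        if printf '%s\n' "$text" | has_sys_time "$field"; then
            echo "$name $field: CAP_SYS_TIME present, clock can be set"
        else
            echo "$name $field: CAP_SYS_TIME absent"
        fi
    done
done
```

On the host, feed it the status file of the container's init process, for example `has_sys_time CapBnd < /proc/<pid>/status`. Checking `CapBnd` as well as `CapEff` matters because a capability left in the bounding set can be regained by executing a suitable binary.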