[Lxc-users] Permission problem with /dev/net/tun (despite echoes to cgroup)

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jul 1 14:47:54 UTC 2013


Quoting Thomas Karcher (thkarcher at gmx.de):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi folks,
> 
> the symptom my libvirt LXC container suffers from is:

Note this mailing list is for "lxc" (lxc.sf.net,
https://github.com/lxc/lxc), which is a different userspace
implementation of containers than libvirt lxc.

Libvirt lxc doesn't allow CAP_MKNOD inside a container.  AFAICS
this is not configurable.  With "lxc", it is configurable with
lxc.cap.drop (see lxc.conf(5)) and by default allowed in Ubuntu
raring.

Are you using this with openstack?

-serge




More information about the lxc-users mailing list