[Lxc-users] Facing issue in Sharing host device node with container

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jun 24 19:32:13 UTC 2013


Quoting Datta, Souvik (Souvik.Datta at harman.com):
> Hi,
> 
> I have created an Ubuntu precise container inside of an Ubuntu host (precise). I am trying to share a plugged-in USB MSD device between host and container. In order to do so, I did a bind mount of the host device node to a fake node in the container. Following are the steps that I did:
> 
> 1. Inside the container, created a file /dev/usb
> 2. In the host shell executed - sudo mount --bind /dev/sdb1 /var/lib/lxc/CN/rootfs/dev/usb
> 
> After this, I went and changed the configuration file in /var/lib/lxc/CN/config to give the container access to /dev/sdb1. The change made in the config file is:
> lxc.cgroup.devices.allow = b 8:17 rwm
> 
> In the container, when I execute ls -al "/dev/usb", it shows the following:
> brw-rw---- 1 root disk 8, 17 Jun 24 09:26 /dev/usb
> 
> In the host, when I execute mount, along with other mount points, it shows the following:
> ....
> /dev/sdb1 on /var/lib/lxc/CN/rootfs/dev/usb type none (rw,bind)
> ....
> 
> But the issue is that inside the container, when I am trying to mount /dev/usb on a directory,
> I get the following error:
> 
> ubuntu@CN:~$ sudo mount /dev/usb test/
> [sudo] password for ubuntu: 
> mount: block device /dev/usb is write-protected, mounting read-only
> mount: cannot mount block device /dev/usb read-only
> 
> Can someone please let me know if I am missing something here? It
> would also be very helpful if someone can please explain the
> difference between the approaches to sharing a device node - one in
> which I use "mount --bind" to share a device node, another is through
> the LXC config file.

I suspect apparmor is preventing this.  To verify you could quickly edit
/var/lib/lxc/CN/config and set lxc.aa_profile = unconfined
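
An added example, not part of the original message: a filter that picks AppArmor mount denials out of host kernel log text, which shows whether the container's profile rejected the mount inside the container. It assumes denials are logged as audit key="value" records and that the container runs under a profile named lxc-container-default; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): list AppArmor mount denials
# found in kernel log text read from stdin.
# Output, tab-separated: profile, srcname, name (mount point), fstype, flags

aa_mount_denials() {
    awk '
    # Return the value of key="value" in the current record, or "-" if absent.
    # The leading space keeps name= from matching inside srcname=.
    function field(key,    re, s) {
        re = " " key "=\"[^\"]*\""
        if (!match($0, re)) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)
        sub(/"$/, "", s)
        return s
    }
    /apparmor="DENIED"/ && /operation="mount"/ {
        printf "%s\t%s\t%s\t%s\t%s\n", field("profile"), field("srcname"),
               field("name"), field("fstype"), field("flags")
    }'
}

# Constructed sample: one profile load, the read-write and read-only mount
# attempts from inside the container, and an unrelated (non-mount) denial.
# Profile name, paths, pids and timestamps are assumptions for illustration.
SAMPLE_LOG='[  101.000001] type=1400 audit(1372101133.101:41): apparmor="STATUS" operation="profile_load" name="lxc-container-default" pid=900 comm="apparmor_parser"
[  245.300412] type=1400 audit(1372101277.412:52): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=2310 profile="lxc-container-default" name="/home/ubuntu/test/" pid=2311 comm="mount" fstype="vfat" srcname="/dev/usb" flags="rw"
[  245.300990] type=1400 audit(1372101277.413:53): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=2310 profile="lxc-container-default" name="/home/ubuntu/test/" pid=2311 comm="mount" fstype="vfat" srcname="/dev/usb" flags="ro"
[  250.100000] type=1400 audit(1372101282.100:54): apparmor="DENIED" operation="open" parent=1 profile="lxc-container-default" name="/proc/sysrq-trigger" pid=2400 comm="cat" requested_mask="w" denied_mask="w" fsuid=0 ouid=0'

# Run against the sample; on the LXC host use:  dmesg | aa_mount_denials
printf '%s\n' "$SAMPLE_LOG" | aa_mount_denials
```

If the filter prints nothing for the failed mount, AppArmor did not log a denial for it.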