[Lxc-users] Facing issue in Sharing host device node with container

Datta, Souvik Souvik.Datta at harman.com
Wed Jun 26 05:44:57 UTC 2013


Thanks.
After uncommenting the line "lxc.aa_profile = unconfined" in the container config file, I am able to mount the host USB device as read-write in the container.

Regards,
Souvik
________________________________________
From: Serge Hallyn [serge.hallyn at ubuntu.com]
Sent: Tuesday, June 25, 2013 1:02 AM
To: Datta, Souvik
Cc: Lxc-users at lists.sourceforge.net
Subject: Re: [Lxc-users] Facing issue in Sharing host device node with container

Quoting Datta, Souvik (Souvik.Datta at harman.com):
> Hi,
>
> I have created an Ubuntu precise container inside an Ubuntu host (precise). I am trying to share a plugged-in USB MSD device between host and container. In order to do so, I did a bind mount of the host device node to a fake node in the container. Following are the steps that I did:
>
> 1. Inside the container, created a file /dev/usb
> 2. In the host shell executed - sudo mount --bind /dev/sdb1 /var/lib/lxc/CN/rootfs/dev/usb
>
> After this, I went and changed the configuration file in /var/lib/lxc/CN/config to give the container access to /dev/sdb1. The change made in the config file is:
> lxc.cgroup.devices.allow = b 8:17 rwm
>
> In the container, when I execute ls -al "/dev/usb", it shows the following:
> brw-rw---- 1 root disk 8, 17 Jun 24 09:26 /dev/usb
>
> In the host, when I execute mount, along with other mount points, it shows the following:
> ....
> /dev/sdb1 on /var/lib/lxc/CN/rootfs/dev/usb type none (rw,bind)
> ....
>
> But the issue is that inside the container, when I am trying to mount /dev/usb on a directory,
> I get the following error:
>
> ubuntu@CN:~$ sudo mount /dev/usb test/
> [sudo] password for ubuntu:
> mount: block device /dev/usb is write-protected, mounting read-only
> mount: cannot mount block device /dev/usb read-only
>
> Can someone please let me know if I am missing something here? It
> would also be very helpful if someone could please explain the
> difference between the approaches of sharing a device node - one in
> which I use "mount --bind" to share a device node, another is through
> the LXC config file.

I suspect apparmor is preventing this.  To verify you could quickly edit
/var/lib/lxc/CN/config and set lxc.aa_profile = unconfined
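
An added example, not part of the thread or of the LXC project: a small Python audit that parses an LXC container config and reports the two settings this thread changed, an `lxc.aa_profile = unconfined` line left active after troubleshooting and a writable block-device rule in `lxc.cgroup.devices.allow`. It goes slightly beyond the thread by also flagging wildcard device rules; the sample config is constructed, and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample in the style of /var/lib/lxc/CN/config; only the
# devices.allow and aa_profile values are the ones quoted in the thread.
SAMPLE_CONFIG = """\
# container CN (constructed sample)
lxc.utsname = CN
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = b 8:17 rwm
#lxc.aa_profile = lxc-container-default
lxc.aa_profile = unconfined
"""

# Device cgroup rule: type (a|b|c), optional major:minor, optional access (r/w/m).
DEVICE_RULE = re.compile(r"^([abc])(?:\s+(\*|\d+):(\*|\d+))?(?:\s+([rwm]+))?$")

def parse_config(text):
    """Yield (line_no, key, value) for each active 'key = value' line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank, commented out, or not a setting
        key, value = line.split("=", 1)
        yield line_no, key.strip(), value.strip()

def audit(text):
    """Return findings as (line_no, code, value) tuples (codes are hypothetical)."""
    findings = []
    for line_no, key, value in parse_config(text):
        # Newer LXC releases spell the same setting lxc.apparmor.profile.
        if key in ("lxc.aa_profile", "lxc.apparmor.profile") and value == "unconfined":
            findings.append((line_no, "APPARMOR_UNCONFINED", value))
        elif key == "lxc.cgroup.devices.allow":
            m = DEVICE_RULE.match(value)
            if not m:
                findings.append((line_no, "UNPARSED_DEVICE_RULE", value))
                continue
            dev_type, major, minor, access = m.groups()
            if dev_type == "a" or "*" in (major, minor):
                findings.append((line_no, "WILDCARD_DEVICE_ALLOW", value))
            elif dev_type == "b" and set(access or "rwm") & {"w", "m"}:
                findings.append((line_no, "BLOCK_DEVICE_WRITABLE", value))
    return findings

if __name__ == "__main__":
    for line_no, code, value in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {code}: {value}")
```

A commented-out `lxc.aa_profile` line is ignored, so only a setting that is actually in effect is reported.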
