[lxc-users] Can LVM be used in an LXC container?
Alvaro Miranda Aguilera
kikitux at gmail.com
Thu Jan 16 20:45:02 UTC 2014
Hello.
10 236 are the device major minor for /dev/mapper devices
http://debian-handbook.info/browse/wheezy/advanced-administration.html
252 for disk devices, I think.
According to the "devices.txt" file in /usr/src/linux/Documentation, those
numbers fall into the range, well, here's what's in the file:
Code:
240-254 char LOCAL/EXPERIMENTAL USE
240-254 block LOCAL/EXPERIMENTAL USE
Allocated for local/experimental use. For devices not
assigned official numbers, these ranges should be
used in order to avoid conflicting with future assignments.
On Fri, Jan 17, 2014 at 8:06 AM, Jeremiah Snapp <jeremiah.snapp at gmail.com> wrote:
> Thanks again. Is there a good place to look for an explanation of the
> settings you gave me before?
>
> lxc.cgroup.devices.allow = c 10:236 rwm
> lxc.cgroup.devices.allow = b 252:* rwm
>
>
> On Thu, Jan 16, 2014 at 2:02 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
>> Quoting Jeremiah Snapp (jeremiah.snapp at gmail.com):
>> > Thanks Serge! I actually just found out in IRC that further in my config I
>> > was denying access. Once I allowed access it works fine.
>> >
>> > Yours is the second warning I've received about using LVM in a container.
>> > I don't know the details of the concern but can you tell me if it would
>> > require human error to cause problems?
>>
>> Well human error would help :) But also allowing the container to have
>> all the privileges it needs to do lvm+mounting means that anything in
>> the container could mess with the host.
>>
>> > I'm not using this in production by
>> > the way. These are throw away test containers.
>>
>> If it's also a throw away test host, then there's nothing to worry
>> about.
>>
>> > The app installed inside
>> > requires an LVM volume.
>>
>> Nothing *should* go wrong :) It's just that by having access to the
>> host disk devices, any malware/bugs in the container can easily hose
>> your host, replace your /sbin/init, etc.
>>
>> -serge
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
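An added example (not part of the thread or of LXC itself): a small Python audit that parses `lxc.cgroup.devices.*` lines in the `type major:minor access` form quoted above and reports the allow rules that expose block devices, which is the risk Serge describes. The sample config is constructed; its `deny = a` line and the `b 252:3 r` rule are assumptions added for contrast.

```python
import re

# Constructed sample: lines 2 and 3 are the rules quoted in the thread;
# the "deny = a" line and the read-only single-minor rule are assumed.
SAMPLE_CONFIG = """\
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:236 rwm
lxc.cgroup.devices.allow = b 252:* rwm
lxc.cgroup.devices.allow = b 252:3 r
"""

# Rule form: <a|b|c> <major|*>:<minor|*> <r/w/m letters>; a bare "a" means all.
RULE = re.compile(
    r"^\s*lxc\.cgroup\.devices\.(allow|deny)\s*=\s*"
    r"([abc])(?:\s+(\d+|\*):(\d+|\*)\s+([rwm]{1,3}))?\s*$"
)
ACCESS_RISK = {"r": "raw read", "w": "raw write", "m": "mknod"}


def parse_rules(text):
    """Return (line_no, action, type, major, minor, access) per device rule."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if m:
            action, dtype, major, minor, access = m.groups()
            rules.append((no, action, dtype, major or "*", minor or "*", access or "rwm"))
    return rules


def audit(text):
    """Report allow rules that give the container access to block devices."""
    findings = []
    for no, action, dtype, major, minor, access in parse_rules(text):
        if action != "allow" or dtype == "c":
            continue  # denies and character devices are out of scope here
        if dtype == "a" or major == "*":
            scope = "every block device"
        elif minor == "*":
            scope = f"every minor of block major {major}"
        else:
            scope = f"minor {minor} of block major {major}"
        risks = [ACCESS_RISK[k] for k in "rwm" if k in access]
        findings.append((no, f"{dtype} {major}:{minor} {access}", scope, risks))
    return findings


if __name__ == "__main__":
    for no, rule, scope, risks in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule} -> {scope}: {', '.join(risks)}")
```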