[lxc-users] Can LVM be used in an LXC container?

Alvaro Miranda Aguilera kikitux at gmail.com
Thu Jan 16 20:45:02 UTC 2014


Hello.

10 236 are the device major and minor numbers for /dev/mapper devices.

http://debian-handbook.info/browse/wheezy/advanced-administration.html

252 for disk devices, I think.

According to the "devices.txt" file in /usr/src/linux/Documentation, those
numbers fall into the range, well, here's what's in the file:
Code:

240-254 char    LOCAL/EXPERIMENTAL USE
240-254 block   LOCAL/EXPERIMENTAL USE
                Allocated for local/experimental use.  For devices not
                assigned official numbers, these ranges should be
                used in order to avoid conflicting with future assignments.




On Fri, Jan 17, 2014 at 8:06 AM, Jeremiah Snapp <jeremiah.snapp at gmail.com> wrote:

> Thanks again.  Is there a good place to look for an explanation of the
> settings you gave me before?
>
> lxc.cgroup.devices.allow = c 10:236 rwm
> lxc.cgroup.devices.allow = b 252:* rwm
>
>
> On Thu, Jan 16, 2014 at 2:02 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
>> Quoting Jeremiah Snapp (jeremiah.snapp at gmail.com):
>> > Thanks Serge!  I actually just found out in IRC that further in my config I
>> > was denying access.  Once I allowed access it works fine.
>> >
>> > Yours is the second warning I've received about using LVM in a container.
>> > I don't know the details of the concern but can you tell me if it would
>> > require human error to cause problems?
>>
>> Well human error would help :)  But also allowing the container to have
>> all the privileges it needs to do lvm+mounting means that anything in
>> the container could mess with the host.
>>
>> > I'm not using this in production by
>> > the way.  These are throw away test containers.
>>
>> If it's also a throw away test host, then there's nothing to worry
>> about.
>>
>> > The app installed inside
>> > requires an LVM volume.
>>
>> Nothing *should* go wrong :)  It's just that by having access to the
>> host disk devices, any malware/bugs in the container can easily hose
>> your host, replace your /sbin/init, etc.
>>
>> -serge
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
>
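
As an added example (not part of the original thread or of LXC itself), this Python code parses the `lxc.cgroup.devices.allow` rules quoted above, resolves each major number against `/proc/devices`-style text, and notes which grants expose host block devices to the container. The sample config and device table are constructed, the mapping of block major 252 to device-mapper is an assumption for the sample, and `parse_proc_devices` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: the two rules quoted in the thread, after a default deny.
SAMPLE_CONFIG = """lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:236 rwm
lxc.cgroup.devices.allow = b 252:* rwm
"""
# Constructed excerpt in /proc/devices format (252 -> device-mapper is assumed
# here; the number is host-specific, so read the real file on your host).
SAMPLE_PROC_DEVICES = """Character devices:
 10 misc

Block devices:
  8 sd
252 device-mapper
"""
RULE = re.compile(r"^\s*lxc\.cgroup\.devices\.allow\s*=\s*([bc])\s+(\d+|\*):(\d+|\*)\s+([rwm]+)\s*$")


def parse_proc_devices(text):
    """Map (type, major) -> driver name from /proc/devices-style text."""
    names, kind = {}, None
    for line in text.splitlines():
        if line.startswith(("Character", "Block")):
            kind = "c" if line.startswith("Character") else "b"
        elif kind and line.split():
            major, name = line.split(None, 1)
            names[(kind, int(major))] = name.strip()
    return names


def audit(config, proc_devices):
    """One finding per devices.allow rule: what it matches, why it matters."""
    names = parse_proc_devices(proc_devices)
    findings = []
    for line in config.splitlines():
        if not (m := RULE.match(line)):
            continue  # deny rules and unrelated keys are skipped
        kind, major, minor, access = m.groups()
        driver = "any" if major == "*" else names.get((kind, int(major)), "unknown")
        notes = []
        if kind == "b" and "*" in (major, minor):
            notes.append("wildcard: every block device under this major")
        if kind == "b" and "w" in access:
            notes.append("write: container can change device contents")
        if "m" in access:
            notes.append("mknod: container can create the device node")
        findings.append({"rule": f"{kind} {major}:{minor} {access}",
                         "driver": driver, "notes": notes})
    return findings
```

On a real host, pass the container's config file contents and the contents of `/proc/devices` to `audit` instead of the constructed samples.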