[lxc-users] creating device nodes in unprivileged containers?
Tomasz Chmielewski
mangoo at wpkg.org
Wed Jul 1 08:07:59 UTC 2015
In an unprivileged Ubuntu 14.04 container, I'm trying to run a program
which needs to create device nodes.
Unfortunately it fails:
# pbuilder-dist trusty i386 create
W: /root/.pbuilderrc does not exist
I: Logging to /root/pbuilder/trusty-i386_result/last_operation.log
I: Distribution is trusty.
I: Current time: Wed Jul 1 07:25:49 UTC 2015
I: pbuilder-time-stamp: 1435735549
I: Building the build environment
I: running debootstrap
/usr/sbin/debootstrap
mknod: '/var/cache/pbuilder/build/5377/./test-dev-null': Operation not permitted
E: Cannot install into target '/var/cache/pbuilder/build/5377/.' mounted with noexec or nodev
E: debootstrap failed
W: Aborting with an error
I: cleaning the build env
I: removing directory /var/cache/pbuilder/build//5377 and its subdirectories
So I've tried to add the following to the container's config:
lxc.cap.keep = CAP_MKNOD
However, the container fails to start:
lxc-start 1435737618.188 ERROR lxc_conf - conf.c:lxc_setup:3925 - Simultaneously requested dropping and keeping caps
I don't see "mknod" dropped before in included configs:
# grep -ri mknod /usr/share/lxc/config/*
How can I allow creating custom device nodes?
The host is running these versions:
# dpkg -l|grep lxc
ii liblxc1 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers userspace tools (library)
ii lxc 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers userspace tools
ii lxc-templates 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers userspace tools (templates)
ii lxcfs 0.9-0ubuntu1~ubuntu14.04.1~ppa1 amd64 FUSE based filesystem for LXC
ii python3-lxc 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers userspace tools (Python 3.x bindings)
--
Tomasz Chmielewski
http://wpkg.org
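
The start-up error quoted in the message above is raised whenever both lxc.cap.drop and lxc.cap.keep end up non-empty after all includes are read, so a grep for "mknod" in the included files does not locate the cause. The Python below is an added example, not part of the original post or of LXC: it walks a config, follows lxc.include, and reports which lines populate each list. The config paths and file contents are constructed, and it assumes lxc.include names a single file and that an empty value clears the list, as lxc.container.conf(5) describes.

```python
# Added example: the sample configs below are constructed, not taken from the post.
SAMPLE = {
    "/var/lib/lxc/c1/config": (
        "lxc.include = /usr/share/lxc/config/ubuntu.common.conf\n"
        "lxc.cap.keep = CAP_MKNOD\n"
    ),
    "/usr/share/lxc/config/ubuntu.common.conf": (
        "# constructed stand-in for a distribution default\n"
        "lxc.cap.drop = mac_admin mac_override\n"
        "lxc.cap.drop = sys_time sys_module sys_rawio\n"
    ),
}


def collect_caps(path, read, state=None, seen=None):
    """Walk an LXC config in file order, following lxc.include, and return
    {"drop": [...], "keep": [...]} with (capability, file, line) entries."""
    state = {"drop": [], "keep": []} if state is None else state
    seen = set() if seen is None else seen
    if path in seen:            # guard against include loops
        return state
    seen.add(path)
    for lineno, raw in enumerate(read(path).splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.include":
            collect_caps(value, read, state, seen)
        elif key in ("lxc.cap.drop", "lxc.cap.keep"):
            kind = key.rsplit(".", 1)[1]
            if not value:       # an empty value clears the list built so far
                state[kind].clear()
            for cap in value.split():
                state[kind].append((cap, path, lineno))
    return state


def find_conflict(path, read):
    """Return both lists when drop and keep are both non-empty, else None."""
    state = collect_caps(path, read)
    return state if state["drop"] and state["keep"] else None


if __name__ == "__main__":
    hit = find_conflict("/var/lib/lxc/c1/config", SAMPLE.__getitem__)
    for kind in ("drop", "keep"):
        for cap, src, lineno in (hit or {}).get(kind, []):
            print(f"{kind:4} {cap:14} {src}:{lineno}")
```

Note that lxc.cap.keep drops every capability not listed, so switching a container from a drop list to a keep list changes far more than the one capability named.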