[lxc-users] creating device nodes in unprivileged containers?

Janjaap Bos janjaapbos at gmail.com
Wed Jul 1 08:22:39 UTC 2015


You cannot create devices from the container. You need to create them
beforehand outside rootfs and bind mount them in the container config.

This has been explained in detail on this list, so just do a quick search for
further info.

This only concerns lxd deployments as far as I know.
On 1 Jul 2015 at 10:08, "Tomasz Chmielewski" <mangoo at wpkg.org> wrote:

> In an unprivileged Ubuntu 14.04 container, I'm trying to run a program
> which needs to create device nodes.
>
> Unfortunately it fails:
>
> # pbuilder-dist trusty i386 create
> W: /root/.pbuilderrc does not exist
> I: Logging to /root/pbuilder/trusty-i386_result/last_operation.log
> I: Distribution is trusty.
> I: Current time: Wed Jul  1 07:25:49 UTC 2015
> I: pbuilder-time-stamp: 1435735549
> I: Building the build environment
> I: running debootstrap
> /usr/sbin/debootstrap
> mknod: '/var/cache/pbuilder/build/5377/./test-dev-null': Operation not permitted
> E: Cannot install into target '/var/cache/pbuilder/build/5377/.' mounted with noexec or nodev
> E: debootstrap failed
> W: Aborting with an error
> I: cleaning the build env
> I: removing directory /var/cache/pbuilder/build//5377 and its subdirectories
>
>
> So I've tried to add the following to container's config:
>
> lxc.cap.keep = CAP_MKNOD
>
> However, the container fails to start:
>
> lxc-start 1435737618.188 ERROR    lxc_conf - conf.c:lxc_setup:3925 - Simultaneously requested dropping and keeping caps
>
>
> I don't see "mknod" dropped before in included configs:
>
> # grep -ri mknod /usr/share/lxc/config/*
>
>
>
> How can I let it create custom device nodes?
>
> The host is running these versions:
>
> # dpkg -l|grep lxc
> ii  liblxc1        1.1.2-0ubuntu3~ubuntu14.04.1~ppa1    amd64        Linux Containers userspace tools (library)
> ii  lxc            1.1.2-0ubuntu3~ubuntu14.04.1~ppa1    amd64        Linux Containers userspace tools
> ii  lxc-templates  1.1.2-0ubuntu3~ubuntu14.04.1~ppa1    amd64        Linux Containers userspace tools (templates)
> ii  lxcfs          0.9-0ubuntu1~ubuntu14.04.1~ppa1      amd64        FUSE based filesystem for LXC
> ii  python3-lxc    1.1.2-0ubuntu3~ubuntu14.04.1~ppa1    amd64        Linux Containers userspace tools (Python 3.x bindings)
>
>
> --
> Tomasz Chmielewski
> http://wpkg.org
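The approach described in the reply above (device nodes that already exist on the host, bind-mounted in through the container config) can be scripted as follows. This is an added example, not part of the original thread or of LXC itself: the helper names `mount_entry_for` and `mount_entries` are hypothetical, and it assumes an LXC version that accepts the `create=file` option in `lxc.mount.entry`.

```shell
#!/bin/sh
# Added example: emit lxc.mount.entry lines that bind-mount device nodes
# which already exist on the host into a container.
# Helper names are hypothetical; run on the host, not in the container.

# mount_entry_for HOSTDEV [TARGET]
# Prints one config line, or fails if HOSTDEV is not a device node.
# TARGET is relative to the container rootfs and defaults to the host
# path without its leading slash.
mount_entry_for() {
    dev=$1
    case $dev in
        /*) ;;
        *) echo "skip $dev: need an absolute host path" >&2; return 1 ;;
    esac
    # Refuse anything that is not a character or block device, so a typo
    # cannot expose a regular file or directory to the container.
    if [ ! -c "$dev" ] && [ ! -b "$dev" ]; then
        echo "skip $dev: not a device node on the host" >&2
        return 1
    fi
    target=${2:-${dev#/}}
    target=${target#/}
    # The bind mount keeps the node's host-side owner and mode, so access
    # from inside the container is still decided by those.
    printf 'lxc.mount.entry = %s %s none bind,create=file 0 0\n' \
        "$dev" "$target"
}

# mount_entries HOSTDEV...
# Emits a line for every valid device; returns non-zero if any was skipped.
mount_entries() {
    rc=0
    for d in "$@"; do
        mount_entry_for "$d" || rc=1
    done
    return $rc
}

# Stand-alone use: sh gen-entries.sh /dev/null /dev/zero >> <container config>
if [ "$#" -gt 0 ]; then mount_entries "$@"; fi
```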