[lxc-users] creating device nodes in unprivileged containers?

Tomasz Chmielewski mangoo at wpkg.org
Wed Jul 1 08:38:47 UTC 2015


Really not possible? How do people run debootstrap, pbuilder? These 
tools are often part of build systems. Am I really the first one to try 
to run them in LXC?


Tomasz Chmielewski
http://wpkg.org


On 2015-07-01 17:22, Janjaap Bos wrote:
> You cannot create devices from the container. You need to create them
> beforehand outside rootfs and bind mount them in the container config.
> 
> 
> This has been explained in detail on this list, so just do a quick
> search for further info.
> 
> This only concerns lxd deployments as far as I know.
> On 1 Jul 2015 10:08, "Tomasz Chmielewski" <mangoo at wpkg.org> wrote:
> 
>> In an unprivileged Ubuntu 14.04 container, I'm trying to run a
>> program which needs to create device nodes.
>> 
>> Unfortunately it fails:
>> 
>> # pbuilder-dist trusty i386 create
>> W: /root/.pbuilderrc does not exist
>> I: Logging to /root/pbuilder/trusty-i386_result/last_operation.log
>> I: Distribution is trusty.
>> I: Current time: Wed Jul 1 07:25:49 UTC 2015
>> I: pbuilder-time-stamp: 1435735549
>> I: Building the build environment
>> I: running debootstrap
>> /usr/sbin/debootstrap
>> mknod: '/var/cache/pbuilder/build/5377/./test-dev-null': Operation not permitted
>> E: Cannot install into target '/var/cache/pbuilder/build/5377/.' mounted with noexec or nodev
>> E: debootstrap failed
>> W: Aborting with an error
>> I: cleaning the build env
>> I: removing directory /var/cache/pbuilder/build//5377 and its subdirectories
>> 
>> So I've tried to add the following to container's config:
>> 
>> lxc.cap.keep = CAP_MKNOD
>> 
>> However, the container fails to start:
>> 
>> lxc-start 1435737618.188 ERROR lxc_conf - conf.c:lxc_setup:3925 - Simultaneously requested dropping and keeping caps
>> 
>> I don't see "mknod" dropped before in included configs:
>> 
>> # grep -ri mknod /usr/share/lxc/config/*
>> 
>> How can I allow creating custom device nodes?
>> 
>> The host is running these versions:
>> 
>> # dpkg -l|grep lxc
>> ii  liblxc1        1.1.2-0ubuntu3~ubuntu14.04.1~ppa1  amd64  Linux Containers userspace tools (library)
>> ii  lxc            1.1.2-0ubuntu3~ubuntu14.04.1~ppa1  amd64  Linux Containers userspace tools
>> ii  lxc-templates  1.1.2-0ubuntu3~ubuntu14.04.1~ppa1  amd64  Linux Containers userspace tools (templates)
>> ii  lxcfs          0.9-0ubuntu1~ubuntu14.04.1~ppa1    amd64  FUSE based filesystem for LXC
>> ii  python3-lxc    1.1.2-0ubuntu3~ubuntu14.04.1~ppa1  amd64  Linux Containers userspace tools (Python 3.x bindings)
>> 
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>> 
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
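
The start-up failure quoted above can be checked for before running lxc-start. This is an added example, not part of the original thread or of LXC itself: it walks a container config and its `lxc.include` files and reports where `lxc.cap.drop` and `lxc.cap.keep` entries come from. It assumes, from the wording of the error message, that a configuration is rejected whenever both lists are non-empty, whichever capabilities they name; the file names and contents are constructed.

```python
# Added example: the sample configs are constructed, not taken from the thread.
SAMPLE_FILES = {
    "container.conf": (
        "lxc.include = common.conf\n"
        "lxc.rootfs = /var/lib/lxc/build/rootfs\n"
        "lxc.cap.keep = CAP_MKNOD\n"
    ),
    "common.conf": (
        "# constructed stand-in for a distribution include file\n"
        "lxc.cap.drop = sys_time sys_module\n"
    ),
}


def collect_caps(name, files, drop=None, keep=None):
    """Walk a config and its lxc.include files, recording where each
    lxc.cap.drop / lxc.cap.keep entry was set as (cap, file, line)."""
    drop = [] if drop is None else drop
    keep = [] if keep is None else keep
    for lineno, raw in enumerate(files[name].splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.include":
            collect_caps(value, files, drop, keep)
        elif key in ("lxc.cap.drop", "lxc.cap.keep"):
            target = drop if key == "lxc.cap.drop" else keep
            target.extend((cap, name, lineno) for cap in value.split())
    return drop, keep


def find_conflict(name, files):
    """Return (drop, keep) when both lists are non-empty, else None.
    Assumption: any such combination triggers the start-up error."""
    drop, keep = collect_caps(name, files)
    return (drop, keep) if drop and keep else None


if __name__ == "__main__":
    conflict = find_conflict("container.conf", SAMPLE_FILES)
    if conflict:
        for label, entries in zip(("drop", "keep"), conflict):
            for cap, src, lineno in entries:
                print(f"lxc.cap.{label}: {cap} ({src}:{lineno})")
```

In the constructed sample the drop entries name no "mknod" capability, so a grep for that string over the include files finds nothing even though a drop list is present.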
