[lxc-users] /dev/random problem with unprivileged minimal containers

Fiedler Roman Roman.Fiedler at ait.ac.at
Tue Jun 2 12:34:34 UTC 2015


Hello List,

I've tried to create an unprivileged minimal container from scratch, just
writing the config and extracting a minimal guest tar to root with correct
UIDs/GIDs.

Most things work fine, but SSH failed to start:

# /usr/sbin/sshd -D
PRNG is not seeded

Cause was that /dev/random is missing.

Question: at what point would the guest /dev/random be created? Is this done
by LXC, does it have to be triggered on the host side, or is just permission
given on the host side while creation is done by guest udev or similar?



My lxc-config contains those entries:

# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm


After calling

lxc-device -n test add /dev/random /dev/random
lxc-device -n test add /dev/urandom /dev/urandom

the devices exist in the guest but with wrong uid/gid and wrong permissions
(perhaps my version of lxc-device does not play nice with unprivileged).


host# ls -al /dev/random 
crw-rw-rw- 1 root root 1, 8 Apr 22 09:32 /dev/random

container# ls -al /dev/random 
crw-r--r-- 1 nobody nogroup 1, 8 Jun  2 12:22 /dev/random


Any ideas?

Kind regards,
Roman
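
The mismatch between the two `ls -al` listings above can be checked mechanically. The following is an added example, not part of the original post: it parses the host and container listings and reports what differs. The function names are hypothetical, the sample lines are the two quoted in the post, and the reading of nobody/nogroup as an unmapped id is an assumption stated in the code.

```python
import re

# Character-device numbers from the lxc.cgroup.devices.allow lines in the post.
EXPECTED_DEV = {"/dev/random": (1, 8), "/dev/urandom": (1, 9)}

# One `ls -al` line for a device node: mode, links, owner, group, "major, minor", date, path.
LS_DEVICE = re.compile(
    r"^(?P<mode>[bc][-rwxsStT]{9})[.+]?\s+\d+\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+.*\s(?P<path>/\S+)$"
)

def parse_ls_device(line):
    """Parse an `ls -al` device-node line into a dict (hypothetical helper)."""
    m = LS_DEVICE.match(line.strip())
    if m is None:
        raise ValueError(f"not a device-node listing: {line!r}")
    return {
        "mode": m["mode"],
        "owner": (m["user"], m["group"]),
        "dev": (int(m["major"]), int(m["minor"])),
        "path": m["path"],
    }

def compare_nodes(host_line, guest_line):
    """Return the ways the guest node differs from the host node."""
    host, guest = parse_ls_device(host_line), parse_ls_device(guest_line)
    findings = []
    expected = EXPECTED_DEV.get(guest["path"], host["dev"])
    if guest["mode"][0] != "c" or guest["dev"] != expected:
        findings.append(f"{guest['path']}: not character device {expected[0]}:{expected[1]}")
    # Permission bits the host node grants that the guest node lacks.
    classes = ("user", "group", "other")
    lost = [f"{classes[i // 3]}:{h}"
            for i, (h, g) in enumerate(zip(host["mode"][1:], guest["mode"][1:]))
            if h != "-" and g == "-"]
    if lost:
        findings.append(f"{guest['path']}: missing permissions {', '.join(lost)}")
    # Assumption: nobody/nogroup is how an id with no mapping in the
    # container's user namespace is displayed (the kernel overflow id).
    if guest["owner"][0] == "nobody" or guest["owner"][1] == "nogroup":
        findings.append(f"{guest['path']}: owner {guest['owner'][0]}:{guest['owner'][1]} is an unmapped id")
    return findings

# The two listings quoted in the post.
HOST = "crw-rw-rw- 1 root root 1, 8 Apr 22 09:32 /dev/random"
GUEST = "crw-r--r-- 1 nobody nogroup 1, 8 Jun  2 12:22 /dev/random"

if __name__ == "__main__":
    print("\n".join(compare_nodes(HOST, GUEST)))
```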
