[lxc-users] /dev/random problem with unprivileged minimal containers
Fiedler Roman
Roman.Fiedler at ait.ac.at
Tue Jun 2 12:34:34 UTC 2015
Hello List,
I've tried to create an unprivileged minimal container from scratch just
writing config and extracting minimal guest tar to root with correct
UIDs/GIDs.
Most things work fine, but SSH failed to start:
# /usr/sbin/sshd -D
PRNG is not seeded
Cause was that /dev/random is missing.
Question: at what point would the guest /dev/random be created? Is this done by
LXC, does it have to be triggered on the host side, or is just permission given
on the host side but creation is done by guest udev or similar?
My lxc-config contains those entries:
# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
After calling
lxc-device -n test add /dev/random /dev/random
lxc-device -n test add /dev/urandom /dev/urandom
the devices exist in guest but with wrong uid/gid and wrong permissions
(perhaps my version of lxc-device does not play nice with unprivileged)
host# ls -al /dev/random
crw-rw-rw- 1 root root 1, 8 Apr 22 09:32 /dev/random
container# ls -al /dev/random
crw-r--r-- 1 nobody nogroup 1, 8 Jun 2 12:22 /dev/random
Any ideas?
Kind regards,
Roman
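
An owner ID that has no entry in a user namespace's ID map is reported inside that namespace as the kernel overflow ID (65534 by default, usually named nobody/nogroup), which matches the container-side listing above. The sketch below is an added example, not part of the original post or of LXC; the map `0 100000 65536` and all function names are assumptions made for illustration.

```python
"""Translate owner IDs across a user-namespace ID map (added example)."""

OVERFLOW_ID = 65534  # kernel default in /proc/sys/kernel/overflowuid; usually "nobody"

# Constructed sample in /proc/<pid>/uid_map format:
# <first ID inside namespace> <first ID outside namespace> <range length>
SAMPLE_UID_MAP = "0 100000 65536\n"


def parse_id_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        ranges.append((inside, outside, length))
    return ranges


def to_container_id(host_id, id_map, overflow=OVERFLOW_ID):
    """ID that a process inside the namespace sees for a host-side owner."""
    for inside, outside, length in id_map:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return overflow  # unmapped owners are reported as the overflow ID


def to_host_id(container_id, id_map):
    """Host-side ID behind a container ID, or None if it is not mapped."""
    for inside, outside, length in id_map:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


if __name__ == "__main__":
    id_map = parse_id_map(SAMPLE_UID_MAP)
    # A node owned by host root (uid 0) lies outside the mapped range.
    print("host uid 0      ->", to_container_id(0, id_map))
    # A node owned by the first mapped host uid shows up as container root.
    print("host uid 100000 ->", to_container_id(100000, id_map))
    print("container uid 0 ->", to_host_id(0, id_map))
```

To compare against a running container, pass the contents of `/proc/<pid>/uid_map` and `/proc/<pid>/gid_map` for a process inside it to `parse_id_map`.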