[lxc-users] autodev hook and devices whitelist

Christoph Mathys eraserix at gmail.com
Wed May 13 14:54:50 UTC 2015


Hello

I need to access a couple of device nodes from a container (<=2). The
device node has a dynamic major number and the number of devices
depends on the host's configuration. When the container is started, I
want to create the device nodes inside the container by inspecting the
device nodes on the host.

I figured I'll use an autodev hook and create the device nodes as
required inside the container. This works for the device node, but I
didn't find out how I can allow access to the device, e.g. make the
correct entry into the cgroup for the currently allocated major
number. I tried with lxc-cgroup and lxc-device, but both result in an
error when I try to run them inside the autodev hook.

Statement that leads to the error:
lxc-cgroup -n ${LXC_NAME} devices.allow 'c 189:* rwm'

Error on lxc-start:
lxc: cgmanager.c: lxc_cgmanager_escape: 329 call to cgmanager_move_pid_abs_sync(perf_event) failed: Escape request from different namespace requires a proxy
lxc_container: lxc_cgroup.c: main: 94 '/var/lib/lxc:precise' is not running
lxc-start: conf.c: run_buffer: 330 Script exited with status 1
lxc-start: conf.c: lxc_setup: 4187 failed to run autodev hooks for container 'precise'.

How can I create device nodes and whitelist them automatically at
container startup time? I use lxc 1.0.7 on Ubuntu trusty.

Thanks,
Christoph
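
The lookup described in the post (resolving the dynamically assigned major on the host, then deriving the device nodes and cgroup entries from it), as an added example that is not part of the original post. The driver name `mydrv`, the sample `/proc/devices` content and the helper names are assumptions; the script only prints the `mknod` commands and `devices.allow` rules (narrowed to exact minors instead of `*`) and does not address the lxc-cgroup error quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). The driver name "mydrv" and the
# sample /proc/devices content below are constructed for illustration.

# Print the character-device major registered under driver name $1.
# $2 is the file to read (default: /proc/devices, "-" for stdin).
# Exit status is non-zero when the name is not a character device.
char_major() {
    awk -v name="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0 }
        in_char && $2 == name { print $1; found = 1; exit }
        END { exit !found }
    ' "${2:-/proc/devices}"
}

# List "nodename minor" for every char node in directory $2 (default /dev)
# whose major equals $1. stat -c %t / %T (GNU coreutils) print hex numbers.
host_nodes() {
    for n in "${2:-/dev}"/*; do
        [ -c "$n" ] || continue
        if [ "$((0x$(stat -c %t "$n")))" -eq "$1" ]; then
            echo "${n##*/} $((0x$(stat -c %T "$n")))"
        fi
    done
}

# Read "nodename minor" lines on stdin. For major $1 and rootfs $2, print one
# mknod command per node and the matching per-minor devices.allow rule.
plan() {
    while read -r node minor; do
        echo "mknod -m 660 $2/dev/$node c $1 $minor"
        echo "devices.allow 'c $1:$minor rwm'"
    done
}

# Constructed sample input mimicking the layout of /proc/devices.
sample_devices() {
    printf '%s\n' 'Character devices:' '  1 mem' '189 usb_device' \
        '250 mydrv' '' 'Block devices:' '  8 sd'
}

# Demo on the constructed data; on a real host the pipeline would be
#   host_nodes "$(char_major mydrv)" | plan "$(char_major mydrv)" "$LXC_ROOTFS_MOUNT"
major=$(sample_devices | char_major mydrv -) &&
    printf 'mydrv0 0\nmydrv1 1\n' | plan "$major" "${LXC_ROOTFS_MOUNT:-/rootfs}"
```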

