[lxc-users] autodev hook and devices whitelist
Serge Hallyn
serge.hallyn at ubuntu.com
Wed May 13 15:24:29 UTC 2015
Quoting Christoph Mathys (eraserix at gmail.com):
> Hello
>
> I need to access a couple of device nodes from a container (<=2). The
> device node has a dynamic major number and the number of devices
> depends on the hosts configuration. When the container is started, I
> want to create the device nodes inside the container by inspecting the
> device nodes on the host.
>
> I figured I'll use an autodev hook and create the device nodes as
> required inside the container. This works for the device node, but I
> didn't find out how I can allow access to the device, e.g. make the
> correct entry into the cgroup for the currently allocated major
> number. I tried with lxc-cgroup and lxc-device, but both result in an
> error when I try to run them inside the autodev hook.
>
> Statement that leads to the error: lxc-cgroup -n ${LXC_NAME}
> devices.allow 'c 189:* rwm'
>
> Error on lxc-start:
> lxc: cgmanager.c: lxc_cgmanager_escape: 329 call to
> cgmanager_move_pid_abs_sync(perf_event) failed: Escape request from
> different namespace requires a proxy
> lxc_container: lxc_cgroup.c: main: 94 '/var/lib/lxc:precise' is not running
> lxc-start: conf.c: run_buffer: 330 Script exited with status 1
> lxc-start: conf.c: lxc_setup: 4187 failed to run autodev hooks for
> container 'precise'.
>
> How can I create device nodes and whitelist them automatically at
> container startup time? I use lxc 1.0.7 on Ubuntu trusty.
>
> Thanks,
> Christoph

lxc-cgroup tries to change it for a running container only. You
want to edit /var/lib/lxc/$LXC_NAME/config and add

    lxc.cgroup.devices.allow = c 189:* rwm
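
One way to combine the config entry above with the dynamic major number from the question, as an added example that is not part of the original thread: a host-side script, run before lxc-start, that reads the driver's current major from /proc/devices and rewrites a managed lxc.cgroup.devices.allow entry in the container config. The driver name mydrv, the function names and the BEGIN/END marker comments are assumptions.

```shell
#!/bin/sh
# Added example. "mydrv", the function names and the BEGIN/END marker
# comments are hypothetical; run on the host before lxc-start.

# Print the character-device major that driver $1 currently holds,
# read from a /proc/devices-format file ($2, default /proc/devices).
char_major() {
    awk -v drv="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0 }
        in_char && $2 == drv  { print $1; found = 1; exit }
        END { exit !found }
    ' "${2:-/proc/devices}"
}

# Rewrite the managed block in container config $2 so that it allows
# exactly the major currently assigned to driver $1. Idempotent: a block
# left by an earlier run (with a stale major) is dropped first.
set_device_rule() {
    drv=$1; config=$2; procdev=${3:-/proc/devices}
    major=$(char_major "$drv" "$procdev") || {
        echo "driver '$drv' has no character major registered" >&2
        return 1
    }
    begin="# BEGIN dynamic-major $drv"
    end="# END dynamic-major $drv"
    tmp=$(mktemp) || return 1
    awk -v b="$begin" -v e="$end" '
        $0 == b { skip = 1 }
        !skip   { print }
        $0 == e { skip = 0 }
    ' "$config" > "$tmp"
    {
        echo "$begin"
        echo "lxc.cgroup.devices.allow = c $major:* rwm"
        echo "$end"
    } >> "$tmp"
    # Write through the existing file so owner and mode are kept.
    cat "$tmp" > "$config"
    rm -f "$tmp"
}

# Usage: set_device_rule mydrv "/var/lib/lxc/$LXC_NAME/config"
```

Because the rule names the one major the driver holds at that moment, the container's device whitelist stays limited to that driver even when the number changes between boots.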