[lxc-users] autodev hook and devices whitelist
Christoph Mathys
eraserix at gmail.com
Fri May 15 11:04:23 UTC 2015
On 13.05.2015 17:24, Serge Hallyn wrote:
> Quoting Christoph Mathys (eraserix at gmail.com):
>> device node has a dynamic major number and the number of devices
>> depends on the host's configuration. When the container is started, I
>> want to create the device nodes inside the container by inspecting the
>> device nodes on the host.
>>
>> ...
>>
>> How can I create device nodes and whitelist them automatically at
>> container startup time? I use lxc 1.0.7 on Ubuntu trusty.
>>
>> Thanks,
>> Christoph
>
> lxc-cgroup tries to change it for a running container only. You
> want to edit /var/lib/lxc/$LXC_NAME/config and add
>
> lxc.cgroup.devices.allow = c 189:* rwm

Thanks for your reply. My device nodes' major number will be somewhere in
the range 240-254 (sorry, bad example), the exact number is determined
by the kernel when the module gets loaded. So I need to whitelist all of
those.

So, if I've got everything right, my two options to allow access to
devices are:
- Statically in the container's config file
- Dynamically once the container is RUNNING (e.g. *not* from hooks)
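
Added example, not part of the original post or of LXC itself: a host-side sketch that looks up the major the kernel actually assigned in a `/proc/devices`-format table and prints a `lxc.cgroup.devices.allow` line for that one major, instead of whitelisting the whole 240-254 range. The driver name `mydrv`, the sample table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/devices format (not taken from a real host).
sample_proc_devices() {
    cat <<'EOF'
Character devices:
  1 mem
  4 tty
189 usb_device
250 mydrv

Block devices:
  8 sd
EOF
}

# Print the character-device major registered for driver $1.
# $2 is the table to read (default: /proc/devices).
# Returns non-zero when the driver is not listed as a character device.
char_major() {
    awk -v drv="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0 }
        in_char && $2 == drv  { print $1; found = 1; exit }
        END { exit !found }
    ' "${2:-/proc/devices}"
}

# Print the config entry that whitelists only that major.
allow_line() {
    major=$(char_major "$1" "$2") || return 1
    case "$major" in
        ''|*[!0-9]*) return 1 ;;   # refuse anything that is not a number
    esac
    printf 'lxc.cgroup.devices.allow = c %s:* rwm\n' "$major"
}

# Demo on the constructed table.
demo_table=$(mktemp)
sample_proc_devices > "$demo_table"
allow_line mydrv "$demo_table"
rm -f "$demo_table"
```

Run on the host after the module is loaded and before the container is started, the printed line can go into /var/lib/lxc/$LXC_NAME/config as the static entry.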