[lxc-users] OpenVPN in Debian Jessie container

Serge E. Hallyn serge at hallyn.com
Mon May 30 17:02:45 UTC 2016


On Mon, May 30, 2016 at 09:04:26AM -0600, Joshua Schaeffer wrote:
> >For starters, from "man lxc.container.conf"
> >
> >lxc.hook.autodev
> >               A hook to be run in the container's namespace after mounting
> >               has been done and after any mount hooks have run, but before
> >               the pivot_root, if lxc.autodev == 1.
> >
> >You can never modprobe in an unprivileged container's namespace.
> >
> >Another thing, AFAIK the hooks only accept one parameter: a script name. So you need to have a script (e.g. /usr/local/bin/my_script) inside the container.
> >
> I actually tried that already as well and it resulted in the exact same error:
> 
> lxc.autodev = 1
> lxc.hook.autodev = /home/lxcuser/.local/share/lxc/autodev/vpn_barracks
> lxc.cgroup.devices.deny = a
> lxc.cgroup.devices.allow = c 10:200 rwm
> 
> lxcuser at corsair:~/.local/share/lxc$ cat autodev/vpn_barracks
> #!/bin/bash
> cd ${LXC_ROOTFS_MOUNT}/dev
> mkdir net
> mknod net/tun c 10 200

This script runs as your unprivileged user, so you cannot mknod.
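
The check behind that answer, as an added example that is not part of the original message: Linux only allows a process to create a character or block device node if it holds CAP_MKNOD (capability bit 27) in the initial user namespace. The function names and the sample CapEff and uid_map values are constructed for illustration, and treating a single identity uid_map as "initial user namespace" is a heuristic assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Decides whether a process could
# mknod a device node such as /dev/net/tun (c 10 200), based on the
# CapEff line of /proc/<pid>/status and the first line of its uid_map.

# mknod_verdict CAPEFF_HEX UID_MAP_LINE
# Prints one of: ok, no-cap-mknod, in-user-namespace
mknod_verdict() {
    capeff=${1:-0}
    # Split the uid_map line into: inside-uid, outside-uid, length.
    set -- $2
    if [ $(( 0x$capeff & 0x08000000 )) -eq 0 ]; then
        # Bit 27 (CAP_MKNOD) is not in the effective set at all.
        echo no-cap-mknod
    elif [ "$1" != 0 ] || [ "$2" != 0 ] || [ "$3" != 4294967295 ]; then
        # Capabilities held here are only valid inside a user namespace
        # (assumption: identity map "0 0 4294967295" = initial namespace).
        echo in-user-namespace
    else
        echo ok
    fi
}

# Same check for the calling process; usable as a guard at the top of a
# hook script before it attempts mknod.
check_self() {
    mknod_verdict "$(awk '/^CapEff:/ {print $2}' /proc/self/status)" \
                  "$(head -n 1 /proc/self/uid_map)"
}

# Constructed sample values:
# an unprivileged host user (no capabilities, identity map)
mknod_verdict 0000000000000000 "0 0 4294967295"
# root inside an unprivileged container (full caps, uid 0 mapped to 100000)
mknod_verdict 0000003fffffffff "0 100000 65536"
# real root on the host
mknod_verdict 0000003fffffffff "0 0 4294967295"
```

Any verdict other than `ok` means `mknod net/tun c 10 200` will fail with "Operation not permitted", whichever uid the script appears to run as.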