[lxc-users] Device hot-plug for unprivileged lxc container.

Bludov Ivan (CM/ESO6) Ivan.Bludov at de.bosch.com
Mon Apr 24 11:44:10 UTC 2017


UP.
Does someone have an idea how to make device hot-plug for unprivileged containers?

Mit freundlichen Grüßen / Best regards

Ivan Bludov

Engineering SW Operating Systems (CM/ESO6)
Tel. +49(5121)49-3129 | Fax +49(711)811-5053129 | Ivan.Bludov at de.bosch.com<mailto:Ivan.Bludov at de.bosch.com>


From: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] On Behalf Of Bludov Ivan (CM/ESO6)
Sent: Tuesday, April 18, 2017 9:37 AM
To: lxc-users at lists.linuxcontainers.org
Subject: [lxc-users] Device hot-plug for unprivileged lxc container.

Hello,

I need to provide device hot-plug for unprivileged container. I tried to use several approaches and I got some issues with different approaches. Can you make an advice about the right approach to do this?

1.       "lxc-device add" + "lxc.cgroup.devices.allow = a *:* rwm" :
I can see the device inside the container (/dev/), but I can't access it at all.

2.       "mount --bind" :

This doesn't work for container's /dev directory (even from /proc/(continer's PID)/rootfs/dev ). I would assume devtmpfs blocks mount events to folder /(container's rfs)/dev/.

But "mount -bind /(container's rfs)/dev-extra/" works.

3.       "mknode /proc/(continer's PID)/rootfs/dev" :

The same as previous.

Can you please tell is the right approach I should follow?

Thank you.


Mit freundlichen Grüßen / Best regards

Ivan Bludov

Engineering SW Operating Systems (CM/ESO6)
Tel. +49(5121)49-3129 | Fax +49(711)811-5053129 | Ivan.Bludov at de.bosch.com<mailto:Ivan.Bludov at de.bosch.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170424/b5208d96/attachment.html>


More information about the lxc-users mailing list