[lxc-users] Mount host filesystem under /sys/class within a container

Thu Mar 23 14:52:33 UTC 2017

Hi all,
sorry for the very long post. As I said in a previous email I'm trying to
play with LXD on top of a Raspberry Pi 3. My goal is to mount the GPIO
pseudo filesystem on a container so that I can access the GPIO pins from
within the container.

I came up with the following conclusions:

 - if I create a privileged container (I would prefer not to do that
anyway) I can see the /sys/class/gpio filesystem as root but I cannot write
it. For example, trying a classical "echo 1 > /sys/class/gpio/export, I get
"bash: export: Read-only file system"
 - if I create a non-privileged container I cannot even enter folder
/sys/class/gpio as root. I can enter /sys/class but there I see that gpio
folder has owner nobody.nogroup and 770 permissions.

I solved the issue with a FUSE filesystem running on the Raspberry that
mirrors the /sys/class/gpio and mounting such a filesystem under a
different path, i.e., /gpio_mnt/sys/class/gpio.

This is the script I created:

*lxc launch ubuntu:16.04 test1*

*MYUID=`sudo ls -l /var/lib/lxd/containers/test1/rootfs/ | grep root | awk
'{}{print $3}{}'`*

*lxc exec test1 -- addgroup gpio*
*lxc exec test1 -- usermod -a -G gpio ubuntu*
*MYGID=$(($MYUID + `lxc exec test1 -- sed -nr "s/^gpio:x:([0-9]+):.*/\1/p"
/etc/group`))*

*sudo mkdir -p /gpio_mnt/test1*
*sudo chmod 777 -R /gpio_mnt/*

*sudo mkdir -p /gpio_mnt/test1/sys/devices/platform/soc/3f200000.gpio*
*sudo mkdir -p /gpio_mnt/test1/sys/class/gpio*
*sudo chown "$MYUID"."$MYGID" -R /gpio_mnt/test1/sys/*

*lxc exec test1 -- mkdir -p /gpio_mnt/sys/class/gpio*
*lxc exec test1 -- mkdir -p
/gpio_mnt/sys/devices/platform/soc/3f200000.gpio*

*lxc config device add test1 gpio disk
source=/gpio_mnt/test1/sys/class/gpio path=/gpio_mnt/sys/class/gpio*
*lxc config device add test1 devices disk
source=/gpio_mnt/test1/sys/devices/platform/soc/3f200000.gpio
path=/gpio_mnt/sys/devices/platform/soc/3f200000.gpio*

*#This is the mirroring through FUSE filesystem*
*cd /home/ubuntu/test_gpio_mirroring/*
*sudo node node-folder-mirroring.js /sys/devices/platform/soc/3f200000.gpio
/gpio_mnt/test1/sys/devices/platform/soc/3f200000.gpio -o uid=$MYUID -o
gid=$MYGID -o allow_other &> log_devices_test1 &*
*sudo node node-folder-mirroring.js /sys/class/gpio
/gpio_mnt/test1/sys/class/gpio -o uid=$MYUID -o gid=$MYGID -o allow_other
&> log_gpio_test1 &*

I would like not to mount under /gpio_mnt/sys/class/gpio but under
/sys/class/gpio so that standard Raspberry libraries will work inside the
container without any modification but I will still be able to capture the
syscalls with the FUSE filesystem mediating the access to GPIO pins.

How can I do that? Am I missing something here?

Thanks,
Francesco

-- 
------------------------------------------------------------------------------
Dr. Francesco Longo, PhD
Assistant Professor
Dipartimento  di Ingegneria
Università degli Studi di Messina
address: Contrada di Dio (S. Agata), 98166, Messina, Italy
email: flongo at unime.it
phone: +39 090 3977335 --- fax: +39 090 3977471
------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170323/5f48b941/attachment.html>