[lxc-users] Access /dev/mem in lxc

[Peter Steele]

On 04/27/2017 12:49 AM, Ganesh Sathyanarayanan wrote:
> Hi All,
>
> This is similar to a post by a John sometime in Aug-2010. He was 
> trying to run Xorg in an lxc which required access to /dev/mem. Am 
> trying to run a custom/proprietary application that needs the same 
> (access to /dev/mem).
>
> I have a privileged container - as in I've created the container as 
> root on my device and start it as root. (root is the usually only user 
> on embedded devices, unlike PC)
> I have been trying to ‘expose’ the /dev/mem device to my container 
> because the application I run there needs it.
> However, am unable to do so - I always end up with a “Operation not 
> permitted” error when I try to open /dev/mem. The following are the 
> different things I tried
> 1) lxc-cgroup.devices.allow = c 1 1 in the conf file (and doing a 
> "mknod /dev/mem c 1 1" on the container)
> 2) lxc-device -n <name> -- add /dev/mem to a running container (this 
> causes /dev/mem to appear in the container without having to run any 
> extra commands such as mknod. But opening it still fails)
> 3) lxc.aa_profile = unconfined (along with steps 1 & 2)
>
> Please advise what I can do to make /dev/mem accessible in lxc. A 
> simple test am doing prior to running my actual application, is 
> something like "head /dev/mem" in the container and check that it 
> displays anything (other than Operation not permitted error).
>
This is something we're interested in as well. We also are developing an 
embedded device with root as the only user--everything runs in a 
privileged mode. Can containers in an LXC based environment access /dev/mem?

Peter