[lxc-users] Access to /dev/kvm under an lxc container?
Mark G
markg735 at gmail.com
Mon Jan 14 07:13:37 UTC 2019
Hello all,

I'm trying to run Android Studio under an lxc container. The emulator in
Android Studio requires /dev/kvm support. I am passing access to this
device through with:

lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0

And I also have:

lxc.apparmor.profile = unconfined

Interestingly enough on the host I can do this:

# cat /dev/kvm
cat: /dev/kvm: Invalid argument

But on the container I get this:

# cat /dev/kvm
cat: /dev/kvm: Operation not permitted

No doubt because this is a device file that is owned by root and the
container's notion of "root" is really some other, non-zero user ID.

My questions are: (1) Is it possible to grant an lxc container access to
this device? (2) If so, what am I missing from the above? (3) Is it safe to
do this?

I know it's not 100% safe the minute I start granting access to devices.
But in this case I "trust" the Android SDK to the effect that it isn't a
compromised binary. I don't know if I should trust it to not damage the
host while trying to do its kvm thing.

Anyone have any luck with this?

Thanks in advance.

-M
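
An added diagnostic, not part of the original post: it opens the bind-mounted node and maps the errno from open() to the layer that refused it, which separates the two error messages quoted above. The `diagnose` function and its verdict strings are hypothetical names for this example; it assumes Linux, where /dev/kvm is character device 10:232.

```python
import errno
import os
import stat as st

KVM_DEV = (10, 232)  # char major:minor of /dev/kvm on Linux


def diagnose(path="/dev/kvm", opener=os.open, statter=os.stat):
    """Return (verdict, detail) for why opening the device node works or fails.

    opener/statter are injectable so the logic can be exercised without a
    real /dev/kvm (assumption of this example, not an LXC facility).
    """
    try:
        info = statter(path)
    except FileNotFoundError:
        return "missing", "no node at this path; the bind mount is not in place"
    if not st.S_ISCHR(info.st_mode):
        return "not-a-device", "path exists but is not a character device"
    dev = (os.major(info.st_rdev), os.minor(info.st_rdev))
    if dev != KVM_DEV:
        return "wrong-device", "node is %d:%d, expected 10:232" % dev
    try:
        fd = opener(path, os.O_RDWR | os.O_CLOEXEC)
    except OSError as exc:
        if exc.errno == errno.EPERM:
            # The devices cgroup controller answers a refused open with EPERM.
            return "device-cgroup", "no device-cgroup allow rule covers c 10:232"
        if exc.errno == errno.EACCES:
            # Mode bits, ownership seen through the uid map, nodev mounts and
            # LSM denials surface as EACCES ("Permission denied") instead.
            return "file-permissions", "mode, ownership, nodev mount or LSM denial"
        return "other", os.strerror(exc.errno)
    os.close(fd)
    # A successful open is all KVM users need; read() on the node is not
    # supported, which is why cat on the host reports "Invalid argument".
    return "ok", "node can be opened read-write"


if __name__ == "__main__":
    print(diagnose())
```

Run inside the container, a `device-cgroup` verdict means the refusal came from the container's device allow list rather than from file ownership.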