On 11/05/2011 11:51 AM, Gordon Henderson wrote:
> On Sat, 5 Nov 2011, Daniel Lezcano wrote:
>
>> On 11/05/2011 12:06 AM, Dong-In David Kang wrote:
>>> Hi,
>>>
>>> Is it possible to do "mknod" after creation of an LXC
>>> instance? I need to do "mknod" not only at bootup time, but
>>> also at run-time. This is needed when I want to dynamically add
>>> devices to an LXC instance. Is it possible? If it is, how can I do
>>> it?
>>>
>>> I've seen the case of "mknod" at bootup time of an LXC
>>> instance. But, I haven't seen the usage of "mknod" at run-time
>>> after boot-up. Is it the limitation of LXC?
>>
>> Just comment out the lxc.cgroup.devices.* lines in the
>> configuration file.
>
> Yup - same issue I had a few days ago.
>
> However it also helped me yesterday too when I had been given a
> vmware instance to extract some data from - I managed to unpack it
> into a regular filesystem, then on a whim, I decided to run it up
> under LXC - it kicked off udev which mknods, so letting it do that
> made it work OK - actually work very OK after I tweaked a few
> things in the startup scripts to stop it grabbing the console, so
> much so that the people I was doing it for want to keep it going
> for a while rather than extract the data and import it into their
> new system - it turned out to be an FC11 image - my host is
> Debian!
>
> Gordon

You may want to apply the change I submitted to lxc-devel a few days ago: - --- templates/lxc-ubuntu.in | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in index 4f44b03..2be8680 100644 - --- a/templates/lxc-ubuntu.in +++ b/templates/lxc-ubuntu.in 
@@ -179,9 +179,12 @@ lxc.pts = 1024 lxc.rootfs = $rootfs lxc.mount = $path/fstab lxc.arch = $arch - -lxc.cap.drop = sys_module mac_override mac_admin +lxc.cap.drop = sys_module lxc.cgroup.devices.deny = a +# Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m # /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm - -- 1.7.7

This will allow any mknod to succeed but won't grant access to the created devices unless whitelisted. This should solve most of the runtime issues I noticed (upgrading udev being one of them).

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
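
Review bot: the `lxc.cap.drop` line at the top of the hunk stops dropping `mac_override` and `mac_admin`, which is unrelated to the mknod rules and is not explained by the added comment or by the description. Containers built from this template would keep both capabilities, so either move that line into its own patch with a justification or keep `lxc.cap.drop = sys_module mac_override mac_admin` here. For the two `*:* m` rules, the comment could also state that a node created this way stays unusable until a matching `rwm` entry exists, since that is the property the whitelist depends on.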
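
The behaviour described in the message above ("any mknod succeeds, access only if whitelisted"), as an added example that is not part of the original post or of LXC: a simplified Python model of the cgroup v1 devices whitelist, evaluated against the rules from the patched template. The function names are hypothetical, and the model assumes that one allow entry must cover every requested access letter and handles only `deny = a` plus `allow` rules.

```python
# Added example: simplified model of the cgroup v1 devices whitelist.
# Assumption: only "deny = a" (clear everything) and "allow" are modelled.

# Rules copied from the patched template in the message above.
CONFIG = """\
lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
"""


def parse_rules(config):
    """Return the allow list as (type, major, minor, access-set) tuples."""
    rules = []
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("lxc.cgroup.devices."):
            continue
        key, _, value = line.partition("=")
        action = key.strip().rsplit(".", 1)[1]
        fields = value.split()
        if action == "deny" and fields == ["a"]:
            rules.clear()  # "deny a" drops every earlier allow entry
        elif action == "allow" and len(fields) == 3:
            dev_type, numbers, access = fields
            major, _, minor = numbers.partition(":")
            rules.append((dev_type, major, minor, set(access)))
        else:
            raise ValueError(f"rule not covered by this model: {line!r}")
    return rules


def allowed(rules, dev_type, major, minor, access):
    """True if a single allow entry covers every requested access letter."""
    wanted = set(access)  # letters: r = read, w = write, m = mknod
    for r_type, r_major, r_minor, r_access in rules:
        if r_type not in ("a", dev_type):
            continue
        if r_major not in ("*", str(major)) or r_minor not in ("*", str(minor)):
            continue
        if wanted <= r_access:
            return True
    return False


RULES = parse_rules(CONFIG)
```

With these rules, `allowed(RULES, "c", 5, 1, "m")` is true while `allowed(RULES, "c", 5, 1, "r")` is false: the node can be created but not opened.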