Quoting Fiedler Roman ([email protected]):
> Hello List,
>
> I've tried to create an unprivileged minimal container from scratch just
> writing config and extracting minimal guest tar to root with correct
> UIDs/GIDs.
>
> Most things work fine, but SSH failed to start:
>
> # /usr/sbin/sshd -D
> PRNG is not seeded
>
> Cause was that /dev/random is missing.
>
> Question: at what point guest /dev/random would be created? Is this done by
> LXC, has it to be triggered on host side or is just permission given on host
> side but creation is done by guest udev or similar?
>
>
>
> My lxc-config contains those entries:
>
> # /dev/random
> lxc.cgroup.devices.allow = c 1:8 rwm
> # /dev/urandom
> lxc.cgroup.devices.allow = c 1:9 rwm

Did you add 'lxc.autodev = 1' to your configuration? If autodev is set,
then fill_autodev should be creating /dev/random at start time.

> After calling
>
> lxc-device -n test add /dev/random /dev/random
> lxc-device -n test add /dev/urandom /dev/urandom
>
> the devices exist in guest but with wrong uid/gid and wrong permissions
> (perhaps my version of lxc-device does not play nice with unprivileged)

Because you are unprivileged, you cannot create /dev/random. All you can
do is to bind mount it from the host. So it gets the same uid/gid/perms
as on the host.

> host# ls -al /dev/random
> crw-rw-rw- 1 root root 1, 8 Apr 22 09:32 /dev/random
>
> container# ls -al /dev/random
> crw-r--r-- 1 nobody nogroup 1, 8 Jun 2 12:22 /dev/random

So that's precisely what I'd expect, since root/root is not mapped into
the unprivileged container.

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
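
The "root/root is not mapped" point from the reply above, as an added example that is not part of the original thread: a small translator for the /proc/<pid>/uid_map format showing why a host file owned by uid 0 is reported as nobody (65534) inside an unprivileged container. The 100000/65536 mapping is a constructed sample, not the poster's configuration, and all function names are hypothetical.

```python
# Added example (not from the thread): map host ids through a user namespace.
OVERFLOW_ID = 65534  # kernel default overflowuid/overflowgid ("nobody"/"nogroup")

# Constructed sample in /proc/<pid>/uid_map format: inside-id outside-id count.
# The 100000/65536 range is an assumption, not the poster's real mapping.
SAMPLE_ID_MAP = "         0     100000      65536\n"


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def host_to_container(host_id, ranges):
    """Return the id a host id maps to inside the namespace, or None if unmapped."""
    for inside, outside, count in ranges:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None


def container_to_host(container_id, ranges):
    """Return the host id backing a container id, or None if unmapped."""
    for inside, outside, count in ranges:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return None


def displayed_id(host_id, map_text=SAMPLE_ID_MAP):
    """Id that stat()/ls reports inside the container for a host-owned file."""
    mapped = host_to_container(host_id, parse_id_map(map_text))
    return OVERFLOW_ID if mapped is None else mapped


if __name__ == "__main__":
    for host_uid in (0, 100000, 100022):
        print(f"host uid {host_uid} -> container sees {displayed_id(host_uid)}")
    # Container root is backed by an unprivileged host uid.
    print("container uid 0 is host uid", container_to_host(0, parse_id_map(SAMPLE_ID_MAP)))
```

To check a running container, pass the contents of /proc/<init-pid>/uid_map (or gid_map) as map_text instead of the sample.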
