Ok but ... and the "lxc-console" problem?
2010/7/30 C Anthony Risinger <anth...@extof.me>: > (sorry for top post... mobiles don't make it easy otherwise) > > Yes it would be better if you deny all, then specifically allow any > devices the container needs [to create]. > > Also, private devpts is already possible... just add "newinstance" to > devpts mount options; you should also do this for the host, and > ensure /dev/ptmx is a symlink to /dev/pts/ptmx for both host and > containers. > > C Anthony [mobile] > > On Jul 30, 2010, at 8:21 PM, "Serge E. Hallyn" <serge.hal...@canonical.com > > wrote: > >> Quoting Osvaldo Filho (arquivos...@gmail.com): >>> The problem is with config file, on lxc-create >>> lxc.cgroup.devices.deny = a >>> >>> Solved. >> >> That's ok if you don't mind, but not the generally preferred >> solution, since without a custom selinux or smack policy you >> don't have anything else protecting your devices. >> >> -serge >> >> --- >> --- >> --- >> --------------------------------------------------------------------- >> The Palm PDK Hot Apps Program offers developers who use the >> Plug-In Development Kit to bring their C/C++ apps to Palm for a share >> of $1 Million in cash or HP Products. Visit us here for more details: >> http://p.sf.net/sfu/dev2dev-palm >> _______________________________________________ >> Lxc-users mailing list >> Lxc-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/lxc-users > ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
