Daniel Lezcano wrote, On 2010. 08. 09. 0:37:
> On 08/08/2010 12:23 AM, Papp Tamas wrote:
>>    hi!
>>
>> I use the everywhere offered lxc configuration as:
>>
>> lxc.cgroup.devices.deny = a
>> # /dev/null and zero
>> lxc.cgroup.devices.allow = c 1:3 rwm
>> lxc.cgroup.devices.allow = c 1:5 rwm
>> # consoles
>> lxc.cgroup.devices.allow = c 5:1 rwm
>> lxc.cgroup.devices.allow = c 5:0 rwm
>> lxc.cgroup.devices.allow = c 4:0 rwm
>> lxc.cgroup.devices.allow = c 4:1 rwm
>> # /dev/{,u}random
>> lxc.cgroup.devices.allow = c 1:9 rwm
>> lxc.cgroup.devices.allow = c 1:8 rwm
>> # /dev/pts/* - pts namespaces are "coming soon"
>> lxc.cgroup.devices.allow = c 136:* rwm
>> lxc.cgroup.devices.allow = c 5:2 rwm
>> # rtc
>> lxc.cgroup.devices.allow = c 254:0 rwm
>>
>>
>>
>> Why does the container have write access to /dev/rtc? Why can the
>> container set the host's time and date setup?
>>    
>
> Good point. I think it would be preferable to set it read only in the 
> /dev directory and the container configuration.
>

Well, I tried it, I set up:

lxc.cgroup.devices.allow = c 254:0 r

Now I have no /dev/rtc0. Why? Does the container need it anyway?

Thank you,

tamas

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
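
An added example, not part of the original messages and not LXC's own code: a small audit that replays the `lxc.cgroup.devices.*` lines from the thread and reports which access letters a device ends up with (in the kernel's device cgroup, `r` is read, `w` is write, `m` is mknod). The function names, the simplified in-order replay model, and the use of `254:0` for the rtc (taken from the configuration quoted above) are assumptions.

```python
import re

# Constructed sample: a subset of the device rules quoted in the thread,
# with the rtc line in its original (rwm) form.
SAMPLE_CONFIG = """\
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 136:* rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
"""

RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")
ENTRY = re.compile(r"^([abc])\s+(\d+|\*):(\d+|\*)\s+([rwm]+)$")

def parse_rules(text):
    """Return (action, type, major, minor, access) tuples in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, unrelated keys
        action, value = m.group(1), m.group(2).strip()
        if value == "a":  # bare "a": every device, every access
            rules.append((action, "a", "*", "*", "rwm"))
            continue
        e = ENTRY.match(value)
        if not e:
            raise ValueError(f"unparseable device rule: {line!r}")
        rules.append((action, e.group(1), e.group(2), e.group(3), e.group(4)))
    return rules

def effective_access(rules, dev_type, major, minor):
    """Replay the rules in order for one device; return the granted letters."""
    granted = set()
    for action, t, ma, mi, access in rules:
        if t not in ("a", dev_type) or ma not in ("*", str(major)) or mi not in ("*", str(minor)):
            continue
        granted = granted | set(access) if action == "allow" else granted - set(access)
    return "".join(c for c in "rwm" if c in granted)

def audit(text, watched):
    """Map each watched device to (access, writable) so 'w' grants stand out."""
    rules = parse_rules(text)
    report = {}
    for name, (t, ma, mi) in watched.items():
        acc = effective_access(rules, t, ma, mi)
        report[name] = (acc, "w" in acc)
    return report
```

Running `audit` on the configuration with the rtc line changed to `c 254:0 r` shows that the change drops `m` along with `w`, so the container can still read an existing node but can no longer create one with mknod.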
