Quoting Benjamin Kiessling ([email protected]): > Hi, > > I've got several logical volumes in /dev/vms/ and want to assign each of those > lv to a single LXC container, i.e. I have vm0 and vm1 and want vm0 to have > access to only /dev/vms/vm0 (and vm1 to /dev/vms/vm1). Is there a way to do > this securely and without too much hassle? I tried bind mounts but couldn't > get it working as they only work with directories.
I assume you're not wanting to use this as the container's rootfs, just to mount it while logged into the container? You just add it's major/minor number to the devices whitelist in the container config file. For instance, I have some lvms: serge@sergelap:~$ ls -l /dev/lxc total 0 lrwxrwxrwx 1 root root 7 2011-04-13 15:26 karmic -> ../dm-2 lrwxrwxrwx 1 root root 8 2011-04-13 15:52 l1 -> ../dm-11 lrwxrwxrwx 1 root root 7 2011-04-13 15:52 l3 -> ../dm-5 lrwxrwxrwx 1 root root 7 2011-04-13 15:52 lucid -> ../dm-0 lrwxrwxrwx 1 root root 7 2011-04-13 15:26 maverick -> ../dm-1 lrwxrwxrwx 1 root root 7 2011-04-13 15:26 natty -> ../dm-4 lrwxrwxrwx 1 root root 7 2011-04-13 15:26 nattylxcguest -> ../dm-8 the lvm called 'karmic' in vgroup 'lxc' is actually dm-2. serge@sergelap:~$ ls -l /dev/dm-2 brw-rw---- 1 root disk 252, 2 2011-04-13 15:26 /dev/dm-2 So I would allow a container 'natty' to mount it by editing /var/lib/lxc/natty/config, and adding this line: lxc.cgroup.devices.allow = b 252:2 rwm -serge ------------------------------------------------------------------------------ Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management, and improve application availability and disaster protection. Learn more about boosting the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev _______________________________________________ Lxc-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-users
