> I use up-to-date aptosid kernel (3.0.4) and tested the cgroup device access
> rights with rtc.
> test:
> - start with no rights for c 254 0 (rtc).
> - start container, terminal and become root (I deleted all rtc-files in
>   container before)
> - mknod -600 rtc0 c 254 0 -> not permitted
> - on host: echo 'c 254:0 m' > /cgroup/a/devices.allow
> - mknod works now
> - in container: hwclock -r (read time) doesn't work
> - on host: echo 'c 254:0 r' > /cgroup/a/devices.allow
> - hwclock -r does work now
>
> - cat /cgroup/a/devices.list shows that rtc has only read right
>
> - in container; hwclock --set --date"9/22/96" does work!
> - host hwclock -r shows now the new date!
>
> I'm not sure if it is a bug or strange behaviour. Does it happen only with
> aptosid kernel or is it a general kernel bug?

Problem solved. /dev/rtc is only used to read the time. To write the date and time the ioctl function settimeofday is used. To prevent this you have to drop the capability sys_time.

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
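
The following check is an added example, not part of the original thread: it reads the capability masks from `/proc/<pid>/status` text and reports whether a process can still set the clock, which is the property the reply says the devices cgroup does not control. The function names and the sample status text are constructed for illustration; in an LXC container configuration the capability is dropped with `lxc.cap.drop = sys_time`.

```shell
#!/bin/sh
# Added example, not from the thread: decide from /proc/<pid>/status text
# whether a process can set the system clock. The devices cgroup is not
# consulted, because settimeofday() does not go through /dev/rtc.

CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME in <linux/capability.h>

# cap_mask FIELD  (status text on stdin) -> hex mask of CapEff, CapBnd, ...
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# has_sys_time HEXMASK -> exit 0 if the CAP_SYS_TIME bit is set
has_sys_time() {
    [ -n "$1" ] || return 1
    [ $(( (0x$1 >> $CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# clock_verdict STATUS_TEXT -> can-set-clock | in-bounding-set | dropped
clock_verdict() {
    eff=$(printf '%s\n' "$1" | cap_mask CapEff)
    bnd=$(printf '%s\n' "$1" | cap_mask CapBnd)
    if has_sys_time "$eff"; then
        echo can-set-clock        # the case reported in the thread
    elif has_sys_time "$bnd"; then
        echo in-bounding-set      # not effective now, but can return on exec
    else
        echo dropped              # settimeofday() fails with EPERM
    fi
}

# Constructed samples of /proc/<pid>/status content.
ROOT_DEFAULT='Name: bash
CapEff: 0000000fffffffff
CapBnd: 0000000fffffffff'
ROOT_DROPPED='Name: bash
CapEff: 0000000ffdffffff
CapBnd: 0000000ffdffffff'

echo "default container root: $(clock_verdict "$ROOT_DEFAULT")"
echo "sys_time dropped:       $(clock_verdict "$ROOT_DROPPED")"
# Live check inside a container: clock_verdict "$(cat /proc/self/status)"
```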