Re: [Lxc-users] PostgreSQL - "sh: cannot create /dev/null: Permission denied" - LXC Issue?

[Patrick Kevin McCaffrey]

There is indeed a node at /dev/null.  The configuration that I base my 
containers off of is as follows:

--------------------------------------------------------------------------------------------

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /lxc/debian_squeeze_template/rootfs
lxc.cgroup.devices.deny = a
lxc.network.type = veth
lxc.network.link = br0
#lxc.network.veth.pair = 
lxc.network.ipv4 = 192.168.80.100
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# mounts point
lxc.mount.entry=proc /lxc/debian_squeeze_template//rootfs/proc proc 
nodev,noexec,nosuid 0 0
lxc.mount.entry=sysfs /lxc/debian_squeeze_template//rootfs/sys sysfs defaults  
0 0

-------------------------------------------------------------------------------------------------------

Everything stays the same from container to container except for the IP and the 
rootfs.  I think I have it set up right?  Am I missing it?

Pat



----- Original Message -----
From: "Guido Jäkel" <g.jae...@dnb.de>
To: "Patrick Kevin McCaffrey" <p...@uwm.edu>, "lxc-users" 
<lxc-users@lists.sourceforge.net>
Sent: Tuesday, December 20, 2011 2:06:49 AM
Subject: Re: [Lxc-users] PostgreSQL - "sh: cannot create /dev/null: Permission 
denied" - LXC Issue?

Dear Patrick,

As I understand /dev/null isn't writable in your container. That's definitely a 
wrong configuration.

Please check, that there is a real device node for  /dev/null  (and others) in 
your container and you have it (and others) in the lxc device access control 
list (lxc.cgroup.devices.allow = c 1:3 rw)

Note that -- depending on the linux flavor in your LXC container -- you might 
have to populate /dev by your own, because it's not reasonable to run udev or 
something like this inside a container.

Greetings

Guido

------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users