Thanks. After uncommenting out the line - "lxc.aa_profile = unconfined" in the container config file, I am able to mount the host usb device as read write in the container.
Regards, Souvik ________________________________________ From: Serge Hallyn [serge.hal...@ubuntu.com] Sent: Tuesday, June 25, 2013 1:02 AM To: Datta, Souvik Cc: Lxc-users@lists.sourceforge.net Subject: Re: [Lxc-users] Facing issue in Sharing host device node with container Quoting Datta, Souvik (souvik.da...@harman.com): > Hi, > > I have created a ubuntu - precise container inside of Ubuntu host (precise). > I am trying to share a plugged in USB MSD device between host and container. > In order to do so, I did a bind mount of the host device node to a fake node > in the container. Following are the steps that I did: > > 1. Inside the container , created a file /dev/usb > 2. In the host shell executed - sudo mount --bind /dev/sdb1 > /var/lib/lxc/CN/rootfs/dev/usb > > After this, I went and changed the configuration file in > /var/lib/lxc/CN/config to give the container access to /dev/sdb1. The changes > made in the config file is: > lxc.cgroup.devices.allow = b 8:17 rwm > > In the container , when I execute ls -al "/dev/usb", it shows the following: > brw-rw---- 1 root disk 8, 17 Jun 24 09:26 /dev/usb > > In the host, when I execute - mount , along with other mount point, it shows > the following: > .... > /dev/sdb1 on /var/lib/lxc/CN/rootfs/dev/usb type none (rw,bind) > .... > > But the issue is that - Inside the container, when I am trying to mount - > /dev/usb on a directory > I get the following error - > > ubuntu@CN:~$ sudo mount /dev/usb test/ > [sudo] password for ubuntu: > mount: block device /dev/usb is write-protected, mounting read-only > mount: cannot mount block device /dev/usb read-only > > Can some one please let me know if I am missing something here? It > would also be very helpful , if some one can please explain the > difference between the approach of sharing a device node - one in > which I use "mount --bind" to share a device node, another is through > the LXC config file. I suspect apparmor is preventing this. To verify you could quickly edit /var/lib/lxc/CN/config and set lxc.aa_profile = unconfined ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
