Signed-off-by: Filip Schauer <f.scha...@proxmox.com>
---
Is it reasonable to add a "dev[n]" argument to the pct.conf, given that device mount points only allow passing through block devices?
src/PVE/LXC.pm | 14 ++++++++++++++
src/PVE/LXC/Config.pm | 32 ++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index c9b5ba7..6090534 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -639,6 +639,20 @@ sub update_lxc_config {
 $raw .= "lxc.mount.auto = sys:mixed\n";
 }
+ foreach my $k (keys %$conf) {
+ next if $k !~ m/^dev(\d+)$/;
+ my $devpath = $conf->{$k};
+ die "Device $devpath does not exist\n" unless (-e $devpath);
+
+ my ($mode, $rdev) = (stat($devpath))[2, 6];
+ die "Could not find major and minor ids of device $devpath.\n" unless ($mode && $rdev);
+
+ my $major = PVE::Tools::dev_t_major($rdev);
+ my $minor = PVE::Tools::dev_t_minor($rdev);
+ $raw .= "lxc.cgroup2.devices.allow = c $major:$minor rw\n";
+ $raw .= "lxc.mount.entry = $devpath " . substr($devpath, 1) . " none bind,create=file\n";
+ }
+
 # WARNING: DO NOT REMOVE this without making sure that loop device nodes
 # cannot be exposed to the container with r/w access (cgroup perms).
 # When this is enabled mounts will still remain in the monitor's namespace
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 56e1f10..4665ab1 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -29,6 +29,7 @@ mkdir $lockdir;
 mkdir "/etc/pve/nodes/$nodename/lxc";
 my $MAX_MOUNT_POINTS = 256;
 my $MAX_UNUSED_DISKS = $MAX_MOUNT_POINTS;
+my $MAX_DEVICES = 256;
 # BEGIN implemented abstract methods from PVE::AbstractConfig
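Review bot: In the `dev\d+` loop added to `update_lxc_config` (src/PVE/LXC.pm), the cgroup rule is always written as `c $major:$minor rw`, while `$mode` from `stat` is only tested for truthiness. A block device node would therefore pass both checks, and the rule would allow whichever character device shares its major:minor numbers instead of the node that was configured. Check the node type before emitting the rule, e.g. `die "$devpath is not a character device\n" if !S_ISCHR($mode);` (`S_ISCHR` is exported by Fcntl's `:mode` tag; the file's imports are not visible here), or derive the `c`/`b` letter from `$mode`. `$devpath` is also interpolated unquoted into the space-separated `lxc.mount.entry` line, so it should be limited to a safe character set before it gets here. The enclosing function starts and ends outside the hunk.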
@@ -908,6 +909,37 @@ for (my $i = 0; $i < $MAX_UNUSED_DISKS; $i++) {
 }
 }
+PVE::JSONSchema::register_format('pve-lxc-dev-string', \&verify_lxc_dev_string);
+sub verify_lxc_dev_string {
+ my ($dev, $noerr) = @_;
+
+ if ($dev !~ m!^/dev/!) {
+ return undef if $noerr;
+ die "$dev does not start with /dev/\n";
+ }
+
+ return $dev;
+}
+
+my $dev_desc = {
+ dev => {
+ type => 'string',
+ default_key => 1,
+ format => 'pve-lxc-dev-string',
+ format_description => 'Path',
+ description => 'Device to pass through to the container',
+ verbose_description => 'Path to the device to pass through to the container'
+ }
+};
+
+for (my $i = 0; $i < $MAX_DEVICES; $i++) {
+ $confdesc->{"dev$i"} = {
+ optional => 1,
+ type => 'string', format => $dev_desc,
+ description => "Device to pass through to the container",
+ }
+}
+
 sub parse_pct_config {
 my ($filename, $raw, $strict) = @_;
-- 
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
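Review bot: `verify_lxc_dev_string` accepts any value that merely begins with `/dev/`, so strings containing `..` components or whitespace pass the format check, even though the LXC.pm hunk of this patch writes the value verbatim into the generated `lxc.mount.entry` line. Anchor the whole value and reject parent-directory components, for example `if ($dev !~ m!\A/dev/[A-Za-z0-9_./:+-]+\z! || $dev =~ m!/\.\.(?:/|\z)!) {`; the exact character set is a suggestion and may need widening for the device names that must be supported. A path check alone cannot tell what a symlink under /dev resolves to, so the resolved node's type still has to be verified when the config is generated. A short comment above the sub stating that it validates syntax only, not existence or device type, would also help callers.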