Re: [systemd-devel] systemd-nspawn: access to disk devices does not work on centos 7/systemd 219
On 16/01/19 19:24, Lennart Poettering wrote:
> On Wed, 16.01.19 09:20, Mailing List SVR (li...@svrinformatica.it) wrote:
>
>> Well, this command will make the sd devices readable inside the container on centos 7 too:
>>
>>   echo 'b 8:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntime.scope/devices.allow
>>
>> now I'll search how to pass this to systemd-nspawn using a command line argument
>
> Use --property=DeviceAllow=…

thanks, but this does not seem to be available in systemd 219, the version shipped with centos 7; it fails with an unrecognized option error. Newer systemd versions work out of the box, probably because they have DevicePolicy=auto as default, so basically I ended up writing a systemd-nspawn wrapper that, launched from a systemd service, waits for /sys/fs/cgroup/devices/machine.slice/machine-.scope to appear and then sets the required permissions in devices.allow.

If I use the reboot command inside the container then the cgroup dir is recreated and the permissions are lost, since my wrapper is not called. Luckily I can control the container, so I changed the reboot command so that it shuts down the container instead, and I set Restart=always in the systemd service so the container is restarted automatically after the shutdown. So the only way to shut down the container is using systemctl stop <service>, but this is better than nothing.

Nicola

> Lennart
>
> --
> Lennart Poettering, Red Hat

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
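The wrapper described in the reply above, written out as an added example; this is not Nicola's script nor anything from the systemd project. It starts systemd-nspawn, waits for machined to create the machine-<name>.scope directory under the cgroup-v1 devices controller, and appends one rule per bound device node to devices.allow. Everything not in the thread is an assumption: the function names, the CGROUP_ROOT and NSPAWN_ROOT defaults, and the use of systemd-escape to get the \x2d escaping of the scope name. It also tightens the rule from the thread: "b 8:* rw" opens every major-8 (SCSI) disk on the host to the container, whereas deriving the rule from the bound node gives "b 8:0 rw" for /dev/sda alone.

```shell
#!/bin/sh
# Added example, not the wrapper from the thread: start a systemd-nspawn
# container, wait for machined to create its machine-<name>.scope cgroup under
# the cgroup-v1 devices controller, then append one device rule per bound
# device node to devices.allow. Assumptions (not from the thread): the function
# names, the CGROUP_ROOT/NSPAWN_ROOT defaults and the container root layout.
#
# usage: ./nspawn-devices.sh MACHINE /dev/sda [/dev/sdb ...]

CGROUP_ROOT=${CGROUP_ROOT:-/sys/fs/cgroup/devices/machine.slice}

# Build a devices-cgroup rule ("b 8:0 rw") from a device node, so the rule
# covers exactly the node that is bound in rather than the wildcard "b 8:* rw",
# which would expose every SCSI disk on the host to the container.
device_rule() {
    dr_node=$1
    dr_access=${2:-rw}
    if [ -b "$dr_node" ]; then
        dr_type=b
    elif [ -c "$dr_node" ]; then
        dr_type=c
    else
        echo "device_rule: $dr_node is not a device node" >&2
        return 1
    fi
    # stat prints major/minor in hex; the devices controller wants decimal
    set -- $(stat -c '%t %T' "$dr_node")
    printf '%s %d:%d %s\n' "$dr_type" "$((0x$1))" "$((0x$2))" "$dr_access"
}

# Poll until the scope cgroup directory exists (nspawn creates it after the
# wrapper has already started), giving up after $2 one-second tries.
wait_for_scope() {
    wfs_dir=$1
    wfs_tries=${2:-30}
    while [ ! -d "$wfs_dir" ]; do
        wfs_tries=$((wfs_tries - 1))
        if [ "$wfs_tries" -le 0 ]; then
            return 1
        fi
        sleep 1
    done
}

# Append one rule to devices.allow. In the real cgroupfs the file is
# write-only and every write adds a rule; devices.list shows the result.
allow_device() {
    ad_scope_dir=$1
    ad_rule=$2
    wait_for_scope "$ad_scope_dir" "${3:-30}" || {
        echo "allow_device: $ad_scope_dir did not appear" >&2
        return 1
    }
    printf '%s\n' "$ad_rule" > "$ad_scope_dir/devices.allow"
}

main() {
    machine=$1
    shift
    root=${NSPAWN_ROOT:-/var/lib/machines}/$machine
    # systemd escapes "-" in unit names to "\x2d": bionic-runtime becomes
    # machine-bionic\x2druntime.scope
    scope_dir="$CGROUP_ROOT/machine-$(systemd-escape "$machine").scope"
    binds=""
    for dev; do
        binds="$binds --bind=$dev"
    done
    # $binds is left unquoted on purpose so it splits into one --bind per device
    systemd-nspawn -b -M "$machine" -D "$root" \
        --capability=CAP_SYS_TIME,CAP_SYS_RAWIO $binds &
    nspawn_pid=$!
    for dev; do
        allow_device "$scope_dir" "$(device_rule "$dev" rw)" 30 || {
            kill "$nspawn_pid"
            return 1
        }
    done
    # Stay in the foreground so a Restart=always unit sees the container exit.
    wait "$nspawn_pid"
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as the ExecStart= of the Restart=always service the reply describes; because the script blocks on the nspawn process, a shutdown inside the container ends the service and systemd restarts it, and the rules are written again into the fresh scope. A reboot inside the container still recreates the scope behind the wrapper's back, which is exactly why the reply swaps the in-container reboot for a shutdown. Two caveats: devices.allow exists only with the cgroup-v1 devices controller (on a cgroup-v2 host the device filter is an eBPF program and this file is absent), and granting rw on the host's disks together with CAP_SYS_RAWIO makes the container trust boundary essentially the host's, so this belongs only on containers you fully control.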
Re: [systemd-devel] systemd-nspawn: access to disk devices does not work on centos 7/systemd 219
Well, this command will make the sd devices readable inside the container on centos 7 too:

  echo 'b 8:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntime.scope/devices.allow

now I'll search how to pass this to systemd-nspawn using a command line argument

On 16/01/19 01:42, Mailing List SVR wrote:
> Hi,
>
> I'm quite new to systemd-nspawn, I configured a systemd container based on ubuntu bionic using debootstrap. I can start the container from a bionic host (systemd 237) with a command like this one
>
>   systemd-nspawn -b -D bionic-devel --capability=CAP_SYS_TIME,CAP_SYS_RAWIO --bind=/dev/sda
>
> and inside the container I have read/write permissions on /dev/sda, for example cat /dev/sda works fine.
>
> If I start the same container from Arch Linux (systemd 240) it works the same way: /dev/sda is accessible, but if I start this container from centos 7 (systemd 219) I cannot read /dev/sda
>
>   cat /dev/sda
>   cat: /dev/sda: Operation not permitted
>
> I tried to disable selinux with no luck and I cannot see anything relevant in the logs, can the problem be related to the old systemd version? Any idea on how to debug this issue?
>
> thanks!
[systemd-devel] systemd-nspawn: access to disk devices does not work on centos 7/systemd 219
Hi,

I'm quite new to systemd-nspawn, I configured a systemd container based on ubuntu bionic using debootstrap. I can start the container from a bionic host (systemd 237) with a command like this one

  systemd-nspawn -b -D bionic-devel --capability=CAP_SYS_TIME,CAP_SYS_RAWIO --bind=/dev/sda

and inside the container I have read/write permissions on /dev/sda, for example cat /dev/sda works fine.

If I start the same container from Arch Linux (systemd 240) it works the same way: /dev/sda is accessible, but if I start this container from centos 7 (systemd 219) I cannot read /dev/sda

  cat /dev/sda
  cat: /dev/sda: Operation not permitted

I tried to disable selinux with no luck and I cannot see anything relevant in the logs, can the problem be related to the old systemd version? Any idea on how to debug this issue?

thanks!