How can I convince systemd-nspawn to let me create loop devices inside a container?
I just learned that docker apparently has a --privileged=true, which allows this. man docker says:

> The --privileged flag gives all capabilities to the container, and it also
> lifts all the limitations enforced by the device cgroup controller. In other
> words, the container can then do almost everything that the host can do. This
> flag exists to allow special use-cases, like running Docker within Docker.

Is that “just” a matter of adding the right privileges? And if so, how would I do that?

I tried with:

    systemd-nspawn … --capability=all

and perhaps I have to allow mknod in the container with something like

    echo b 7:0 rwm > /sys/fs/cgroup/devices/machine.slice/machine-<name>.scope/devices.allow

but it also seems that the container mounts tmpfs rather than devtmpfs at /dev

I’m a bit lost here …

Thanks,
Johannes.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel