Thanks for your answer, but...

> Mantas Mikulėnas [mailto:somewhere]
> Hmm, isn't debootstrap supposed to run outside the container? Or are you
> trying to nest two containers?

It's indeed a nested container. The outer container is a working container in which I do all I need to do. The inner container is the container that should host our software. The debootstrap command is launched in the outer container, to generate the inner container.

> Anyway, nspawn containers by default limit devices via both POSIX
> capabilities and cgroups; you would need --capability=cap_mknod to create
> device nodes, and <some cgroup pixie dust> to access them in case they're not
> in the default whitelist.

The capability is present, with and even without the --capability option. So this is not the problem.

-- 
Emmanuel Coirier
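As an added example, not part of the original message: the two independent checks named in the quoted reply (the CAP_MKNOD capability bit and the device cgroup whitelist), evaluated over constructed samples of /proc/<pid>/status and a cgroup-v1 devices.list. The function names and sample values are assumptions; on cgroup v2 there is no devices.list file to read, so the second check only applies to v1 hosts.

```python
# Added example; SAMPLE_* values are constructed, not taken from the thread.
CAP_MKNOD = 27  # bit index of CAP_MKNOD in linux/capability.h

SAMPLE_STATUS = """\
Name:\tdebootstrap
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""

SAMPLE_DEVICES_LIST = """\
c 1:3 rwm
c 1:5 rwm
c 1:9 rwm
c 136:* rw
"""

def cap_sets(status_text):
    """Return the Cap* hex masks from /proc/<pid>/status text as integers."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
            sets[key] = int(value.strip(), 16)
    return sets

def has_cap(mask, bit=CAP_MKNOD):
    return bool((mask >> bit) & 1)

def device_allowed(devices_list_text, dev_type, major, minor, access="m"):
    """Match one device against cgroup-v1 whitelist lines like 'c 1:3 rwm'."""
    for line in devices_list_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        typ, majmin, perms = parts
        maj, _, mnr = majmin.partition(":")
        if (typ in ("a", dev_type) and maj in ("*", str(major))
                and mnr in ("*", str(minor)) and set(access) <= set(perms)):
            return True
    return False

def diagnose(status_text, devices_list_text, dev_type, major, minor):
    """Say which of the two layers would stop mknod for this device."""
    if not has_cap(cap_sets(status_text).get("CapEff", 0)):
        return "missing CAP_MKNOD"
    if not device_allowed(devices_list_text, dev_type, major, minor, "m"):
        return "blocked by device cgroup"
    return "allowed"
```

A process can hold CAP_MKNOD and still get "blocked by device cgroup", which is the case the quoted reply points at.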
