"lxc.cgroup.devices" is meaningless for unprivileged containers as those
can never create those devices anyway, so they'll only ever have access
to whatever devices lxc provides and nothing more. All our own default
configs specifically do not set that cgroup controller for unprivileged
containers.

The error you're getting specifically suggests that the cgroups that are
delegated to your unprivileged users do not include the devices
controller, which does match what I'm seeing in /proc/self/cgroup on my
system here.

If you wanted to be able to write to the devices cgroup, you would need
your user session to have the devices cgroup in /proc/self/cgroup point
to a path that your user can write to. At which point the config should
work, though still effectively be meaningless.

** Changed in: lxc (Ubuntu)
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1843490

Title:
  lxc.cgroup.devices.allow prevents unprivileged container from starting
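
The check described in the comment above, as an added shell example that is not part of the original bug comment or of LXC: it reads a /proc/self/cgroup style file, looks for the cgroup v1 devices controller, and tests whether the user can write to that cgroup's devices.allow. The function names are hypothetical, the default mount point /sys/fs/cgroup/devices is an assumption about the host's cgroup v1 layout, and the sample files in the demo are constructed.

```shell
#!/bin/sh
# Added example. The sample cgroup files used in the demo are constructed.

# Print the path of the cgroup v1 "devices" controller from a
# /proc/<pid>/cgroup style file (hierarchy-id:controllers:path).
# Exit status 1 means no line lists the devices controller.
devices_cgroup_path() {
    awk -F: '
        {
            n = split($2, ctrl, ",")
            for (i = 1; i <= n; i++) if (ctrl[i] == "devices") {
                path = $3                       # path may contain ":" itself
                for (j = 4; j <= NF; j++) path = path ":" $j
                print path; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Report not-listed, not-writable or writable for the current session.
# $1: cgroup file, $2: devices hierarchy mount (the default is an
# assumption matching the usual cgroup v1 layout).
check_devices_delegation() {
    file=${1:-/proc/self/cgroup}
    mount=${2:-/sys/fs/cgroup/devices}
    if ! path=$(devices_cgroup_path "$file"); then
        echo "not-listed"
    elif [ -w "$mount$path/devices.allow" ]; then
        echo "writable"
    else
        echo "not-writable"
    fi
}

# Demo on constructed data: a session without the devices controller,
# then one where it points at a cgroup the user can write to.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '5:pids:/user.slice/user-1000.slice' \
        '1:name=systemd:/user.slice/user-1000.slice/session-2.scope' > "$d/undelegated"
    printf '%s\n' '5:pids:/user.slice' \
        '7:devices:/user.slice/user-1000.slice' > "$d/delegated"
    mkdir -p "$d/devices/user.slice/user-1000.slice"
    : > "$d/devices/user.slice/user-1000.slice/devices.allow"
    check_devices_delegation "$d/undelegated" "$d/devices"
    check_devices_delegation "$d/delegated" "$d/devices"
    rm -rf "$d"
}
demo
```

Called with no arguments, `check_devices_delegation` inspects the real /proc/self/cgroup; "not-listed" corresponds to the situation the comment describes, where the devices controller is not delegated to the user session.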
