
Re: [libvirt] configuration support to allow devices into cgroup devices devices.list inside libvirt_lxc container

On Sat, Dec 29, 2018 at 02:11:40PM +0530, Mohan R wrote:
> Hi,
> I was having trouble with losetup inside libvirt_lxc container. Then I
> found that <mknod state="on"> will provide CAP_MKNOD capability.
> Even after enabling CAP_MKNOD in my container, I was not able to do
> 'losetup' because cgroup's device.list for my container don't have 'rwm'
> flags for loop devices ('b 7:* rwm' in
> /sys/fs/cgroup/devices/machine.slice/machine-lxc*.scope/user/*/c1.session/devices.list)
> Currently I have to manually do echo "b 7:* rwm" into
> /sys/fs/cgroup/devices/machine.slice/machine-lxc*.scope/devices.allow
> file before I login into the container in order to use loop devices. It
> will be useful if we have a way to do this through domain xml rather
> than manually doing it like what I'm doing now.
> I looked into rng files, but I'm not able to find a way to define 'b
> 7:* rwm' in xml. I just want to check with the devs if this is possible
> already. Otherwise I'll file one improvement bug.


For QEMU we have a configuration file, '/etc/libvirt/qemu.conf', where you
can add some implicit device rules using 'cgroup_device_acl'.  I guess
we should add the same option for LXC.  There is probably no way to
do it right now, so feel free to create a new bug.


> I think lxc already has a way to do this through
> lxc.cgroup.devices.allow
> Thanks,
> Mohan R

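An added example, not part of the original thread or of libvirt's code: a shell check that reads a cgroup v1 devices.list in the 'b 7:* rwm' format quoted above and reports whether a given device, such as a loop device, is permitted, and which entries open a whole device range. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a cgroup v1 devices.list (entries look like "b 7:* rwm").
# Function names and the sample data are constructed for illustration.

# dev_allowed LIST TYPE MAJOR MINOR ACCESS
# Returns 0 if one entry covers the device and every requested access letter.
dev_allowed() {
    awk -v t="$2" -v maj="$3" -v min="$4" -v want="$5" '
    NF == 3 {
        split($2, mm, ":")
        if ($1 != "a" && $1 != t) next            # "a" means all device types
        if (mm[1] != "*" && mm[1] != maj) next
        if (mm[2] != "*" && mm[2] != min) next
        ok = 1
        for (i = 1; i <= length(want); i++)
            if (index($3, substr(want, i, 1)) == 0) ok = 0
        if (ok) { found = 1; exit }
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# wildcard_rules LIST: print entries that open a whole major or minor range.
wildcard_rules() {
    awk 'NF == 3 { split($2, mm, ":"); if (mm[1] == "*" || mm[2] == "*") print }' "$1"
}

# Constructed sample in devices.list format (not captured from a real host).
write_sample() {
    cat > "$1" <<'EOF'
c 1:3 rwm
c 1:5 rwm
c 1:9 rwm
c 5:2 rwm
c 136:* rwm
EOF
}

demo() {
    list=$(mktemp)
    write_sample "$list"
    dev_allowed "$list" b 7 0 rwm && echo "loop0 allowed" || echo "loop0 denied"
    echo "b 7:* rwm" >> "$list"   # entry that the devices.allow write adds
    dev_allowed "$list" b 7 0 rwm && echo "loop0 allowed" || echo "loop0 denied"
    echo "wildcard entries:"; wildcard_rules "$list"
    rm -f "$list"
}
demo
```

On a real host, pass the container's own devices.list path instead of the temporary file.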
