On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote: > NB in containers we have two PTYs involved. The libvirt_lxc process > opens one pty in the host context and that is used to communicate > between virsh console & libvirt_lxc. The libvirt_lxc process opens > one pty in the guest context and that is used to commnuicate between > libvirt_lxc and the container master console. Libvirt_lxc forwards > data between the two PTYs. > > So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create > a new master PTY and to read/write to /dev/pts/NN associated with > the file descriptor retrieved from /dev/ptmx. After checking more carefully, all rules are already in the profile... and are concerning the qemu builder. I haven't checked if it happens with lxc yet. The question now is why does it happen with virt-sandbox and not with a normal libvirt qemu domain. -- Cedric -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list