On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote: > So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create > a new master PTY and to read/write to /dev/pts/NN associated with > the file descriptor retrieved from /dev/ptmx. After some more debugging and help from jjohansen, the problem happens to be this commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d0d4b8ad76d3e8a859ee90701a21a3f003a22c1f When having the not-so-silly idea to mount the host / readonly in a qemu guest (like what virt-sandbox is doing), we are adding a "deny /** w" rule taking precedence over all rules giving write access to files inside that path. Would there be a clean solution for that problem? I can already teach virt-sandbox to add the host / mount only if there is nothing else to be mounted as /, but that wouldn't cover all cases. -- Cedric -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list