On Sat, Dec 29, 2018 at 02:11:40PM +0530, Mohan R wrote:
> Hi,
>
> I was having trouble with losetup inside libvirt_lxc container. Then I
> found that <mknod state="on"> will provide CAP_MKNOD capability.
>
> Even after enabling CAP_MKNOD in my container, I was not able to do
> 'losetup' because cgroup's device.list for my container dont have 'rwm'
> flags for loop devices ('b 7:* rwm' in
> /sys/fs/cgroup/devices/machine.slice/machine-
> lxc*.scope/user/*/c1.session/devices.list)
>
> Currently I have to manually do echo "b 7:* rwm" into
> /sys/fs/cgroup/devices/machine.slice/machine-lxc*.scope/devices.allow
> file before I login into the container in order to use loop devices. It
> will be useful if we have a way to do this through domain xml rather
> than manually doing it like what I'm doing now.
>
> I looked into rng files, but I'm not able to find a way to define 'b
> 7:* rwm' in xml. I just want to check with the devs if this is possible
> already. Otherwise I'll file one improvement bug.
Hi,
For QEMU we have configuration file '/etc/libvirt/qemu.conf' where you
can add some implicit devices rules using 'cgroup_device_acl'. I guess
we should add the same option for LXC. There is probably no way how to
do it right now so feel free to create new BUG.
Pavel
> I think lxc already have a way to do this through
> lxc.cgroup.devices.allow
>
> Thanks,
> Mohan R
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
