On 01/25/2012 04:27 AM, Samuel Hassine wrote: > Hi there, > > Do you know if there is a way to modify how libvirt interacts with the > cgroup? > > Because, I successfully add the /dev/net/tun support in my LXC container > by doing: > > echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow Libvirt is supposed to be automatically modifying devices.allow as part of setting up domains, so that devices mentioned/required by the domain XML are permitted and no other devices are passed through (that is, libvirt is already using cgroups as part of its sVirt strategy). At least this is true for qemu while using sVirt. But you mentioned LXC, where sVirt is just now barely being added; so maybe the answer is to wait for the 0.9.10 release, and then ask the question again. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
