On 03/14/2017 05:15 PM, Daniel J Walsh wrote:
>
>
> On 03/14/2017 05:02 PM, Dusty Mabe wrote:
>>
>> On 03/14/2017 04:56 PM, Daniel J Walsh wrote:
>>>
>>> On 03/14/2017 04:29 PM, Daniel P. Berrange wrote:
>>> I guess if you volume/bind mount the device into the container you could
>>> see an issue,
>>> but most containers that deal with /dev/kvm are going to be run as root,
>>> anyways.
>> I was running with --privileged, still got permission denied until I
>> changed permissions of /dev/kvm to 666.
>> _______________________________________________
>> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>
> # docker run -ti --device /dev/kvm fedora ls -lZ /dev/kvm
> crw-rw-rw-. 1 root 36 system_u:object_r:container_file_t:s0:c303,c737 10, 232 Mar 14 21:12 /dev/kvm
> # chmod 600 /dev/kvm
> # docker run -ti --device /dev/kvm fedora ls -lZ /dev/kvm
> crw-------. 1 root 36 system_u:object_r:container_file_t:s0:c281,c442 10, 232 Mar 14 21:13 /dev/kvm
>
> So using --device to add the device to the container just maintains the permission of the host
> for the device you added. Whether it is volume mounted in or specified via --device, at least
> from dockers point of view.

I'm not sure of your point. I was just trying to say that whether I was root or
not did not seem to matter. I still got permission denied if perms were 600 and
not 666. I'm working off of memory here, so it's possible somebody will prove me
wrong.

Dusty
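
An added example, not part of the original messages: it parses the two `ls -lZ /dev/kvm` lines quoted in the thread and applies a plain owner/group/other check to show which class of caller each mode admits for read and write. It models the mode bits only (assumption: capabilities, user namespaces, SELinux policy and the device cgroup are not considered), and the function names and the caller name `someuser` are hypothetical.

```python
import re

# The two `ls -lZ /dev/kvm` lines quoted in the thread above.
SAMPLES = [
    "crw-rw-rw-. 1 root 36 system_u:object_r:container_file_t:s0:c303,c737 10, 232 Mar 14 21:12 /dev/kvm",
    "crw-------. 1 root 36 system_u:object_r:container_file_t:s0:c281,c442 10, 232 Mar 14 21:13 /dev/kvm",
]

LINE = re.compile(
    r"^(?P<type>[cb])(?P<perms>[rwxsStT-]{9})\.?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<context>\S+)\s+(?P<major>\d+),\s*(?P<minor>\d+)\s+.*\s(?P<path>/\S+)$"
)

def parse_device_line(line):
    """Split one `ls -lZ` line for a device node into its fields."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError("not an ls -lZ device line: %r" % line)
    d = m.groupdict()
    # SELinux context is user:role:type:level, level is sensitivity[:categories]
    _user, _role, setype, level = d["context"].split(":", 3)
    _sens, _, cats = level.partition(":")
    d["selinux_type"] = setype
    d["mcs"] = tuple(cats.split(",")) if cats else ()
    d["major"], d["minor"] = int(d["major"]), int(d["minor"])
    return d

def dac_rw(dev, user, groups=()):
    """Owner/group/other check for read+write; no capability override modelled."""
    p = dev["perms"]
    if user == dev["owner"]:
        triad = p[0:3]
    elif dev["group"] in groups:
        triad = p[3:6]
    else:
        triad = p[6:9]
    return triad[0] == "r" and triad[1] == "w"

def report(lines=SAMPLES):
    """Per sample line: mode string, MCS pair, and who passes the mode-bit check."""
    rows = []
    for dev in map(parse_device_line, lines):
        rows.append({
            "perms": dev["perms"], "mcs": dev["mcs"],
            "owner_rw": dac_rw(dev, dev["owner"]),
            "group_rw": dac_rw(dev, "someuser", groups=(dev["group"],)),
            "other_rw": dac_rw(dev, "someuser"),
        })
    return rows
```

The parsed output also shows that the type and device numbers stay the same across the two runs while the MCS category pair differs.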