Hi Daniel,

I'm playing with liblxc containers and the device whitelist cgroup. One thing which makes the devices cgroup unique from the others is that there can be many entries to the devices.allow (and in theory also to devices.deny) file. liblxc doesn't support that right now.

This needs to be fixed in two places. First, lxc_conf.c:write_info needs to write multiple entries from the .conf file into the cgroups/devices.allow file. I just changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755) which seemed to work for me, but I'm not sure if that might adversely affect other code which counted on the truncation implicit in creat()?

Secondly, the lxc_cgroup_copy needs to do a loop and write the entries one by one into the cgroup file. I'm just doing a dumb unsafe fgets loop, but I actually don't have that working yet (which is why I'm not sending a patch - I figure you can whip something robust up in 2 seconds).

thanks,
-serge
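The entry-by-entry copy described in the message above, as an added example that is not part of the original post and not liblxc code: it reads saved rules with getline() instead of a fixed-size fgets buffer and issues one write() per rule. The function name `copy_device_rules` and the rule strings in the comments are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not liblxc's lxc_cgroup_copy): copy every rule saved
 * in `src`, one per line (constructed sample: "c 1:3 rwm"), into the cgroup
 * file `dst`, one write() per rule.
 * Returns the number of rules written, or -1 on any error. */
int copy_device_rules(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r");
    if (!in)
        return -1;
    int out = open(dst, O_WRONLY);   /* no O_CREAT, no O_TRUNC */
    if (out < 0) {
        fclose(in);
        return -1;
    }

    char *line = NULL;               /* getline() grows this as needed */
    size_t cap = 0;
    ssize_t len;
    int count = 0;

    while ((len = getline(&line, &cap, in)) > 0) {
        /* Drop the line ending and skip blank lines. */
        while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
            len--;
        if (len == 0)
            continue;
        line[len++] = '\n';          /* fits: getline keeps room for the NUL */

        ssize_t n;
        do {                         /* retry only if interrupted by a signal */
            n = write(out, line, (size_t)len);
        } while (n < 0 && errno == EINTR);
        if (n != len) {              /* rejected or short write: stop and report */
            count = -1;
            break;
        }
        count++;
    }
    free(line);
    fclose(in);
    if (close(out) < 0)
        count = -1;
    return count;
}
```

Stopping at the first failed write means a rejected rule is reported to the caller instead of leaving the container with a silently incomplete whitelist.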