Serge E. Hallyn wrote:
> Hi Daniel,
>
> I'm playing with liblxc containers and the device whitelist cgroup.
> One thing which makes the devices cgroup unique from the others is
> that there can be many entries to the devices.allow (and in theory
> also to devices.deny) file. liblxc doesn't support that right now.
>
> This needs to be fixed in two places.
>
> First, lxc_conf.c:write_info needs to write multiple entries
> from the .conf file into the cgroups/devices.allow file. I just
> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755)
> which seemed to work for me, but I'm not sure if that might adversely
> affect other code which counted on the truncation implicit in creat()?
>
> Secondly, the lxc_cgroup_copy needs to do a loop and write the
> entries one by one into the cgroup file. I'm just doing a dumb
> unsafe fgets loop, but I actually don't have that working yet,
> (which is why I'm not sending a patch - I figure you can whip
> something robust up in 2 seconds)

Serge,

thanks for investigating this bug. I will look at how to fix that without
breaking previous container configuration.

  -- Daniel
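
An added example, not part of the original thread and not liblxc code: a sketch of the per-entry copy loop discussed above, reading with getline() rather than a fixed-buffer fgets loop and issuing one write() per entry. The names copy_entries and demo and the /tmp paths are hypothetical, and regular files stand in for the saved configuration file and the cgroup's devices.allow file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not liblxc code): replay each line of `src` into `dst`
 * with one write() per entry. Returns entries written, or -1 on error. */
int copy_entries(const char *src, const char *dst)
{
    FILE *in = fopen(src, "r");
    if (!in) return -1;
    /* O_APPEND keeps earlier entries, unlike the truncation implied by creat(). */
    int out = open(dst, O_WRONLY | O_CREAT | O_APPEND, 0644);
    if (out < 0) {
        fclose(in);
        return -1;
    }
    char *line = NULL;          /* getline() grows this; no fixed-size buffer */
    size_t cap = 0;
    ssize_t len, w;
    int count = 0;
    while (count >= 0 && (len = getline(&line, &cap, in)) > 0) {
        if (line[0] == '\n')
            continue;           /* skip blank lines */
        do {
            w = write(out, line, (size_t)len);
        } while (w < 0 && errno == EINTR);
        /* A short write would split one rule in two: treat it as failure. */
        count = (w == len) ? count + 1 : -1;
    }
    free(line);
    fclose(in);
    if (close(out) < 0)
        count = -1;
    return count;
}

/* Constructed sample: three devices.allow-style entries, regular files only. */
int demo(void)
{
    const char *src = "/tmp/demo_saved.allow", *dst = "/tmp/demo_devices.allow";
    FILE *f = fopen(src, "w");
    if (!f) return -1;
    fputs("c 1:3 rwm\nc 1:5 rwm\n\nc 5:1 rwm\n", f);
    fclose(f);
    unlink(dst);                /* start from an empty stand-in file */
    return copy_entries(src, dst);
}
```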