Daniel Lezcano wrote: > Serge E. Hallyn wrote: >> Hi Daniel, >> >> I'm playing with liblxc containers and the device whitelist cgroup. >> One thing which makes the devices cgroup unique from the others is >> that there can be many entries to the devices.allow (and in theory >> also to devices.deny) file. liblxc doesn't support that right now. >> This needs to be fixed in two places. >> First, lxc_conf.c:write_info needs to write multiple entries >> from the .conf file into the cgroups/devices.allow file. I just >> changed the creat(f, 0755) to open(f, O_CREAT|O_WRONLY|O_APPEND, 0755) >> which seemed to work for me, but I'm not sure if that might adversely >> affect other code which counted on the truncation implicit in creat()? >> Secondly, the lxc_cgroup_copy needs to do a loop and write the >> entries one by one into the cgroup file. I'm just doing a dumb >> unsafe fgets loop, but I actually don't have that working yet, >> (which is why I'm not sending a patch - I figure you can whip >> something robust up in 2 seconds) > > Serge, thanks for investigating this bug. > I will look how to fix that without breaking previous container > configuration. Fixed and commited to CVS. I will do a new release as soon as I finish the man pages. Oren, is there any change I have to care about before releasing a new version ? Thanks. -- Daniel _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers