Quoting Daniel Lezcano (dlezcano@xxxxxxxxxx):
> Serge E. Hallyn wrote:
>> Quoting Matt Helsley (matthltc@xxxxxxxxxx):
>>> #
>>> # Write some reasonable default device whitelist rules
>>> #
>>> cat - >> $CONFFILE <<-"EOF"
>>> lxc.cgroup.devices.deny = a
>>> # /dev/null and zero
>>> lxc.cgroup.devices.allow = c 1:3 rwm
>>> lxc.cgroup.devices.allow = c 1:5 rwm
>>> # consoles
>>> lxc.cgroup.devices.allow = c 5:1 rwm
>>> lxc.cgroup.devices.allow = c 5:0 rwm
>>> lxc.cgroup.devices.allow = c 4:0 rwm
>>> lxc.cgroup.devices.allow = c 4:1 rwm
>>> # /dev/{,u}random
>>> lxc.cgroup.devices.allow = c 1:9 rwm
>>> lxc.cgroup.devices.allow = c 1:8 rwm
>>> # /dev/pts/* - pts namespaces are "coming soon"
>>> lxc.cgroup.devices.allow = c 136:* rwm
>>> # rtc lxc.cgroup.devices.allow = c 254:0 rwm
>>> EOF
>>>
>>> The quotes around EOF prevent bash from doing any substitution on the
>>> file contents.
>
> I added these devices to the debian configuration file and fixed the
> cgroup list order, "lxc.cgroup.devices.deny = a" was the last entry :/

Weird. It's the first now I hope :)

> By default the debian has no root password, so the ssh connection will
> always fail until a password is set for root. I will look on how to
> change the root password to 'root' after debootstrapping ...
>
> I added "lxc.cgroup.devices.allow = c 5:2 rwm"
> in order to use /dev/ptmx for the tty's ssh connection.
>
> The container is no longer able to create /dev/initctl, so the poweroff
> command will fail. Serge do you know what is the syntax for the
> devices.allow for initctl ?

initctl isn't a device, it's a fifo. At least on my laptop.

thanks,
-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
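The ordering problem mentioned in the thread ("lxc.cgroup.devices.deny = a" ending up as the last entry) can be checked mechanically. The following is an added example, not code from the thread or from lxc: it replays the devices.allow/deny lines of a config in file order, using a simplified model of the device cgroup in which writing `a` resets the whole list. The function names and the two sample configs are constructed for illustration.

```python
import re

# The two keys used in the thread: lxc.cgroup.devices.allow / .deny
RULE = re.compile(r"^\s*lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+?)\s*$")

def effective_whitelist(config_text):
    """Replay allow/deny entries in file order (simplified model).
    Returns (default_allow, rules_in_effect)."""
    default_allow, rules = True, []   # a fresh cgroup allows every device
    for line in config_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue                  # comments, blanks, unrelated keys
        action, value = m.groups()
        if value == "a":
            # "a" resets the list: deny-all (or allow-all), no exceptions
            default_allow, rules = (action == "allow"), []
        elif action == "allow":
            if value not in rules:
                rules.append(value)
        elif value in rules:
            rules.remove(value)       # exact-match removal only (assumption)
    return default_allow, rules

def lint(config_text):
    """Return warnings about whitelist ordering problems."""
    default_allow, rules = effective_whitelist(config_text)
    written = [m.group(2) for m in map(RULE.match, config_text.splitlines())
               if m and m.group(1) == "allow" and m.group(2) != "a"]
    warnings = []
    if default_allow:
        warnings.append("no effective 'deny = a': all devices remain allowed")
    lost = [r for r in written if r not in rules]
    if lost:
        warnings.append("allow rules discarded by a later deny: " + ", ".join(lost))
    return warnings

# Constructed sample configs built from entries quoted in the thread.
GOOD = """lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
"""
BAD = """lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.deny = a
"""
```

With `deny = a` last, `lint(BAD)` reports both allow rules as discarded, so the container would end up with no device access at all rather than the intended whitelist.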