[libvirt] PCI devices passthough to LXC containers using libvirt

[Serge Hallyn]

Quoting Devendra K. Modium (dmodium at isi.edu):
> Hi
> 
> Thanks for the reply.
> 
> I think the links that you provided show 
> how to deal with pci devices in case the hypervisor is kvm.
> Please correct me if I am wrong.
> 
> But I am using LXC containers.I have skimmed through
> the libvirt lxc driver code and found no functionality of
> allowing specified devices into a container exists
> other than currently where only hard coded devices are allowed
> which can be seen in the file lxc_controller.c
> 
>   struct cgroup_device_policy devices[] = {
>         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL},
>         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO},
>         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
>         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
>         {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
>         {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
>         {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
>         {0,   0, 0}};
> 
> 
> Please confirm this or let me know if there is any other interface libvirt_lxc 
> provides to allow specific pci/other devices into container.

The qemu driver allows for this list to be specified in the
config file.  You could send a patch for the lxc driver to do
the same.  You also could go further and add xml format to
add extra entries.

But as this is implemented using cgroups, the other thing you
can do is to manually, after you start the container, add the
devices whitelist entries yourself.  Depending on how you're
using it this might suffice...

-serge