[libvirt-users] libvirt-lxc capabilities mknod
jsl6uy js16uy
js16uy at gmail.com
Thu Aug 18 14:30:56 UTC 2016
Very Nice.
Will try that path and keep that in mind future forward!
Thanks very much
Regards
On Thu, Aug 18, 2016 at 2:48 AM, Daniel P. Berrange <berrange at redhat.com>
wrote:
> On Wed, Aug 17, 2016 at 12:38:10PM -0500, jsl6uy js16uy wrote:
> > Hello all, hope all is well
> >
> > Issue: Any way to give granular mknod capabilities to a container? Only
> > allow creation of specific device?
> >
> > bit of background
> >
> > Have a laptop running arch and libvirt
> > loading an arch lxc container created from lxc-create
> > Overall container is up and running, I use it for vpn connections
> >
> > Initially it would not setup of the tun device. Previously using just the
> > lxc tool set, I can edit the lxc.conf config file for the container and
> > allow device creation of just the tun device.
> >
> > In libvirt I can add capabilities for mknod, but seems to be blanket for
> > any device creation within the container? Is this correct?
>
> If you know what device you want do you don't need to allow mknod at
> all, just tell libvirt to create it for you eg
>
> <hostdev mode='capabilities' type='misc'>
> <source>
> <char>/dev/net/tun</char>
> </source>
> </hostdev>
>
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org -o- http://virt-manager.org
> :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/
> :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc
> :|
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160818/bd8efd8e/attachment.htm>
More information about the libvirt-users
mailing list