On 03/14/2017 05:18 PM, Dusty Mabe wrote:
>
> On 03/14/2017 05:15 PM, Daniel J Walsh wrote:
>>
>> On 03/14/2017 05:02 PM, Dusty Mabe wrote:
>>> On 03/14/2017 04:56 PM, Daniel J Walsh wrote:
>>>> On 03/14/2017 04:29 PM, Daniel P. Berrange wrote:
>>>> I guess if you volume/bind mount the device into the container you could
>>>> see an issue, but most containers that deal with /dev/kvm are going to be
>>>> run as root, anyways.
>>> I was running with --privileged, still got permission denied until I
>>> changed permissions of /dev/kvm to 666.
>>> _______________________________________________
>>> devel mailing list -- devel@lists.fedoraproject.org
>>> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>> # docker run -ti --device /dev/kvm fedora ls -lZ /dev/kvm
>> crw-rw-rw-. 1 root 36 system_u:object_r:container_file_t:s0:c303,c737 10, 232 Mar 14 21:12 /dev/kvm
>> # chmod 600 /dev/kvm
>> # docker run -ti --device /dev/kvm fedora ls -lZ /dev/kvm
>> crw-------. 1 root 36 system_u:object_r:container_file_t:s0:c281,c442 10, 232 Mar 14 21:13 /dev/kvm
>>
>> So using --device to add the device to the container just maintains the
>> permission of the host for the device you added.  Whether it is volume
>> mounted in or specified via --device, at least from Docker's point of view.
> I'm not sure of your point. I was just trying to say that whether I
> was root or not did not seem to matter. I still got permission denied
> if perms were 600 and not 666. I'm working off of memory here, so it's
> possible somebody will prove me wrong.
>
> Dusty
Most likely libvirt or whoever is launching the containers is not running
as root, so it is being blocked access.