Hi, all, we have several configuration options which limit a block device inside a CT. They are dev_cgroup exceptions bits, ve_struct::devmnt options and ve_struct::ve_sysfs_perms.
We don't have a way to configure ACC_MOUNT bit using dev_cgroup interface, so we use VZCTL_SETDEVPERMS ioctl for that. We used to do not want to add it to cgroup inteface, because it's not it mainstream and some userspace may be confused from additional bit. Igor suggested to simplify userspace life and to allow to mount a block device in any sences when we're setting ve_struct::devmnt options. Kernel will set the bit by itself. This allows to get rid of the ioctl for newer vzctl. Maybe good, but this leads to cross-cgroup dependence (dev_cgroup and ve cgroup). It's dirty and not OK. So I want to move devmnt from ve cgroup to dev_cgroup, and make device mount options an option of dev_cgroup. This looks logically. Both device configuring eggs together. Does anybody have objection from that? Kirill _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
