Quoting Stewart Brodie (sbro...@espial.com):
> Serge Hallyn <serge.hal...@ubuntu.com> wrote:
>
> > Quoting Stewart Brodie (sbro...@espial.com):
> >
> > > I'm attempting to start an unprivileged container and populate the
> > > devices using an autodev hook, but that doesn't work, because the user
> > > namespace has already been changed. So I'm stuck with having to bind
> > > mount all the devices individually, which would be great - except that
> > > the device nodes don't all exist in the host, so I'm having to create
> > > them in the host in advance of starting the containers.
> >
> > If you are starting this container as root then you can use an
> > lxc.hook.pre-start hook to create and chown the devices.
>
> I assume you mean use the pre-start hook to create them in the host's
> devtmpfs? I realise I could create the device nodes in the host's devtmpfs
> manually, but it is a requirement for our system that they must not
> exist there - only in the relevant containers' /dev tmpfses.
>
> My current temporary workaround is indeed to create the device nodes in the
> host's devtmpfs and bind mount them into containers using lxc.mount.entry
> declarations in the configuration files, but I'm looking for a permanent
> solution.

You could create a 'permdev' or somesuch directory under the container's
dir (i.e. /var/lib/lxc/$c/permdev or $HOME/.local/share/lxc/$c/permdev)
and create them there, then bind mount them from there?

> > > However, another far neater way of doing this could be to use the
> > > freezer instead. Just give lxc-start a new command-line option to start
> > > the container *but* crucially, leave it frozen when lxc-start exits.
> > > The caller can then just do lxc-start, lxc-device, lxc-unfreeze.
> >
> > [can you run lxc-device on a frozen container?]
>
> For future reference, this does indeed work. I like the idea, because it
> would allow all sorts of fettling to go on with the new container from the
> host side before it really starts executing.
>
>
> --
> Stewart Brodie
> Senior Software Engineer
> Team Leader ANT Galio Browser
> Espial UK
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
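
The 'permdev' approach suggested in the reply above, sketched as an added example that is not part of the thread or of LXC itself: device nodes are created under the container's own directory instead of the host's /dev, and lxc.mount.entry lines bind them into the container. The function names, the device spec mydev0:c:240:0 and the owner 100000:100000 are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the device spec
# "mydev0:c:240:0" and the owner 100000:100000 are constructed assumptions.

# Check one "name:type:major:minor" spec and split it into $name $type $major $minor.
parse_spec() {
    IFS=: read -r name type major minor <<EOF
$1
EOF
    # Refuse names that could escape the permdev directory.
    case $name in ''|.|..|*/*) echo "bad device name in: $1" >&2; return 1;; esac
    case $type in c|b) ;; *) echo "bad device type in: $1" >&2; return 1;; esac
    case "$major:$minor" in :*|*:|*:*:*|*[!0-9:]*)
        echo "bad major/minor in: $1" >&2; return 1;; esac
}

# Create the nodes under the container's own directory, never in the host /dev.
# Needs root on the host. $1 = permdev dir, $2 = owner uid:gid mapped into the
# container, rest = specs. DRY_RUN=1 prints the commands instead of running them.
permdev_create() {
    dir=$1; owner=$2; shift 2
    run=${DRY_RUN:+echo}
    $run mkdir -p "$dir" || return 1
    for spec in "$@"; do
        parse_spec "$spec" || return 1
        [ -e "$dir/$name" ] || $run mknod -m 0660 "$dir/$name" "$type" "$major" "$minor" || return 1
        $run chown "$owner" "$dir/$name" || return 1
    done
}

# Print the lxc.mount.entry lines that bind each node into the container's /dev.
# The target is relative to the rootfs; create=file makes the mount point.
permdev_mount_entries() {
    dir=$1; shift
    for spec in "$@"; do
        parse_spec "$spec" || return 1
        printf 'lxc.mount.entry = %s/%s dev/%s none bind,create=file 0 0\n' \
            "$dir" "$name" "$name"
    done
}

# Usage (as root):
#   permdev_create /var/lib/lxc/c1/permdev 100000:100000 mydev0:c:240:0
#   permdev_mount_entries /var/lib/lxc/c1/permdev mydev0:c:240:0 >> /var/lib/lxc/c1/config
```

The filesystem holding the permdev directory must not be mounted with nodev, and the nodes should be owned by a uid/gid that is mapped into the container's user namespace.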