You have 10:137 for loop-control. But
include/linux/miscdevice.h:#define LOOP_CTRL_MINOR 237
On Mon, Dec 16, 2019 at 07:32:54PM -0500, Saint Michael wrote:
> I use privileged containers for internal use. They ar supposed to have all
> privileges, but when I did this
> mount -o loop /CentOS-8-x86_64-1905-dvd1.iso /opt
> mount: /opt: mount failed: Operation not permitted.
>
> here is my configuration
> lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
> lxc.mount.entry = sysfs sys sysfs defaults 0 0
> lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
>
> lxc.tty.max = 10
> lxc.pty.max = 1024
> lxc.cgroup.devices.deny = a
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> lxc.cgroup.devices.allow = c 4:0 rwm
> lxc.cgroup.devices.allow = c 4:1 rwm
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> lxc.cgroup.devices.allow = c 254:0 rwm
> lxc.cgroup.devices.allow = c 10:137 rwm # loop-control
> lxc.cgroup.devices.allow = b 7:* rwm # loop*
> lxc.cgroup.devices.allow = c 10:229 rwm #fuse
> lxc.hook.autodev = sh -c 'mknod ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229'
>
> lxc.mount.auto = cgroup:mixed
> lxc.cap.drop =
> lxc.uts.name = mysql
> lxc.autodev = 1
> lxc.apparmor.profile = unconfined
> lxc.apparmor.allow_incomplete = 1
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
