On 08/08/2010 12:23 AM, Papp Tamas wrote: > hi! > > I use the everywhere offered lxc configuration as: > > lxc.cgroup.devices.deny = a > # /dev/null and zero > lxc.cgroup.devices.allow = c 1:3 rwm > lxc.cgroup.devices.allow = c 1:5 rwm > # consoles > lxc.cgroup.devices.allow = c 5:1 rwm > lxc.cgroup.devices.allow = c 5:0 rwm > lxc.cgroup.devices.allow = c 4:0 rwm > lxc.cgroup.devices.allow = c 4:1 rwm > # /dev/{,u}random > lxc.cgroup.devices.allow = c 1:9 rwm > lxc.cgroup.devices.allow = c 1:8 rwm > # /dev/pts/* - pts namespaces are "coming soon" > lxc.cgroup.devices.allow = c 136:* rwm > lxc.cgroup.devices.allow = c 5:2 rwm > # rtc > lxc.cgroup.devices.allow = c 254:0 rwm > > > > Why does the container have write access to /dev/rtc ? Why can the > container set the host's time and date setup. >
Good point. I think it would be preferable to set it read only in the /dev directory and the container configuration. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users