Quoting Papp Tamás (tom...@martos.bme.hu):
>
> Daniel Lezcano wrote, On 2010. 08. 09. 0:37:
> > On 08/08/2010 12:23 AM, Papp Tamas wrote:
> >> hi!
> >>
> >> I use the everywhere offered lxc configuration as:
> >>
> >> lxc.cgroup.devices.deny = a
> >> # /dev/null and zero
> >> lxc.cgroup.devices.allow = c 1:3 rwm
> >> lxc.cgroup.devices.allow = c 1:5 rwm
> >> # consoles
> >> lxc.cgroup.devices.allow = c 5:1 rwm
> >> lxc.cgroup.devices.allow = c 5:0 rwm
> >> lxc.cgroup.devices.allow = c 4:0 rwm
> >> lxc.cgroup.devices.allow = c 4:1 rwm
> >> # /dev/{,u}random
> >> lxc.cgroup.devices.allow = c 1:9 rwm
> >> lxc.cgroup.devices.allow = c 1:8 rwm
> >> # /dev/pts/* - pts namespaces are "coming soon"
> >> lxc.cgroup.devices.allow = c 136:* rwm
> >> lxc.cgroup.devices.allow = c 5:2 rwm
> >> # rtc
> >> lxc.cgroup.devices.allow = c 254:0 rwm
> >>
> >> Why does the container have write access to /dev/rtc? Why can the
> >> container set the host's time and date setup?
> >>
> >
> > Good point. I think it would be preferable to set it read only in the
> > /dev directory and the container configuration.
> >
>
> Well, I tried it, I set up:
>
> lxc.cgroup.devices.allow = c 254:0 r
>
> Now I have no /dev/rtc0. Why?

I guess the container tried to create it after being moved into the
devices cgroup. You didn't give the container the rights to create that
device.

> Does the container need it anyway?

Well, you tell us - how is your container doing now that it doesn't have it?

-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
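
Added example (not part of the original thread, and not LXC's own code): a small Python model of how the lxc.cgroup.devices lines quoted above combine, showing that "c 254:0 r" grants read but not the "m" (mknod) bit that the reply refers to when it says the container lacks the rights to create the device. The function names, the constructed sample config and the simplified in-order allow/deny evaluation are assumptions made for illustration.

```python
import re

# Matches lxc.cgroup.devices.allow / .deny lines as used in the thread.
RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse_rules(config_text):
    """Return (action, type, major, minor, access-set) tuples, in file order."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, unrelated keys
        action, fields = m.group(1), m.group(2).split()
        if fields[0] == "a":  # "a" means every device, every access bit
            rules.append((action, "a", "*", "*", set("rwm")))
            continue
        dev_type, numbers, access = fields
        major, minor = numbers.split(":")
        rules.append((action, dev_type, major, minor, set(access)))
    return rules

def effective_access(rules, dev_type, major, minor):
    """Simplified model: apply rules in order; allow adds bits, deny removes."""
    granted = set()
    for action, rtype, rmajor, rminor, access in rules:
        if rtype not in ("a", dev_type):
            continue
        if rmajor not in ("*", str(major)) or rminor not in ("*", str(minor)):
            continue
        granted = granted | access if action == "allow" else granted - access
    return granted

def missing_mknod(rules, devices):
    """Devices the container may open but may not create with mknod."""
    report = []
    for name, (dev_type, major, minor) in devices.items():
        bits = effective_access(rules, dev_type, major, minor)
        if bits and "m" not in bits:
            report.append(name)
    return report

# Constructed sample: the thread's config with the rtc line reduced to "r".
SAMPLE = """\
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 254:0 r
"""
DEVICES = {"/dev/null": ("c", 1, 3), "/dev/rtc0": ("c", 254, 0)}
```

Calling missing_mknod(parse_rules(SAMPLE), DEVICES) lists the device nodes that need to exist in the container's /dev before it starts, because the container itself cannot create them.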