[packages/lxc] Allow to mknod all devices (but no access to use them)
glen
glen at pld-linux.org
Mon Nov 18 23:53:59 CET 2013
commit c4c6270b5049d68864abb82dc6e5549e0f3ed3a9
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Nov 19 00:53:34 2013 +0200
Allow to mknod all devices (but no access to use them)
lxc-pld.in.sh | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
---
diff --git a/lxc-pld.in.sh b/lxc-pld.in.sh
index 0d985a8..30236c1 100755
--- a/lxc-pld.in.sh
+++ b/lxc-pld.in.sh
@@ -237,8 +237,15 @@ lxc.autodev = $auto_dev
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
-#cgroups
+## Devices
+# Allow all devices
+#lxc.cgroup.devices.allow = a
+# Deny all devices
lxc.cgroup.devices.deny = a
+# Allow to mknod all devices (but not using them)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/lxc.git/commitdiff/c4c6270b5049d68864abb82dc6e5549e0f3ed3a9
More information about the pld-cvs-commit
mailing list