Discussion:
Device hot-plug for unprivileged lxc container.
Bludov Ivan (CM/ESO6)
2017-04-18 07:37:08 UTC
Hello,

I need to provide device hot-plug for an unprivileged container. I tried several approaches and ran into issues with each of them. Can you give some advice about the right approach to do this?

1. "lxc-device add" + "lxc.cgroup.devices.allow = a *:* rwm" :
I can see the device inside the container (/dev/), but I can't access it at all.

2. "mount --bind" :

This doesn't work for the container's /dev directory (even from /proc/(container's PID)/rootfs/dev ). I would assume devtmpfs blocks mount events to folder /(container's rfs)/dev/.

But "mount -bind /(container's rfs)/dev-extra/" works.

3. "mknode /proc/(container's PID)/rootfs/dev" :

The same as previous.

Can you please tell me which is the right approach I should follow?

Thank you.


Mit freundlichen Grüßen / Best regards

Ivan Bludov

Engineering SW Operating Systems (CM/ESO6)
Tel. +49(5121)49-3129 | Fax +49(711)811-5053129 | ***@de.bosch.com
gunnar.wagner
2017-04-18 08:34:49 UTC
just saw it again ....

'lxc-[cmd]' (LXC Containers) vs
'lxc [cmd]' (LXD Containers)

it would be so much less confusing if LXD would just use 'lxd
[cmd]' instead of 'lxc [cmd]' syntax

- Am I (being a total novice and all) alone with this thought?
- any benefit from the current 'lxc [cmd]' command syntax for LXD
containers?

just wondering. Maybe it's an age-old discussion here but as someone
diving new into this ... it hits you right in the face
Simos Xenitellis
2017-04-18 09:57:38 UTC
On Tue, Apr 18, 2017 at 11:34 AM, gunnar.wagner
Post by gunnar.wagner
just saw it again ....
'lxc-[cmd]' (LXC Containers) vs
'lxc [cmd]' (LXD Containers)
it would be so much less confusing if LXD would just use 'lxd [cmd]'
instead of 'lxc [cmd]' syntax
- Am I (being a total novice and all) alone with this thought?
- any benefit from the current 'lxc [cmd]' command syntax for LXD
containers?
just wondering. Maybe it's an age-old discussion here but as someone diving
new into this ... it hits you right in the face
I think the issue here is this, is there any growing interest in LXC1
(those lxc-[cmd] commands)?
LXD/LXC is more usable than legacy LXC (i.e. LXC1).

You allude that you are new to this. Perhaps the real problem is that
the documentation for LXD/LXC
should get better so that when you google for Linux Containers, you
get new LXD/LXC tutorials and material.

Simos
Andrey Repin
2017-04-18 10:45:26 UTC
Greetings, Simos Xenitellis!
Post by Simos Xenitellis
On Tue, Apr 18, 2017 at 11:34 AM, gunnar.wagner
Post by gunnar.wagner
just saw it again ....
'lxc-[cmd]' (LXC Containers) vs
'lxc [cmd]' (LXD Containers)
it would be so much less confusing if LXD would just use 'lxd [cmd]'
instead of 'lxc [cmd]' syntax
- Am I (being a total novice and all) alone with this thought?
- any benefit from the current 'lxc [cmd]' command syntax for LXD
containers?
just wondering. Maybe it's an age-old discussion here but as someone diving
new into this ... it hits you right in the face
I think the issue here is this, is there any growing interest in LXC1
(those lxc-[cmd] commands)?
LXD/LXC is more usable than legacy LXC (i.e. LXC1).
LXC requires less infrastructure and is easier to manage.
I prefer it over LXD for persistent deployments.
--
With best regards,
Andrey Repin
Tuesday, April 18, 2017 13:44:27

Sorry for my terrible english...
Anders Magnus Andersen
2017-04-18 12:54:49 UTC
Post by Andrey Repin
Greetings, Simos Xenitellis!
Post by Simos Xenitellis
On Tue, Apr 18, 2017 at 11:34 AM, gunnar.wagner
Post by gunnar.wagner
just saw it again ....
'lxc-[cmd]' (LXC Containers) vs
'lxc [cmd]' (LXD Containers)
it would be so much less confusing if LXD would just use 'lxd [cmd]'
instead of 'lxc [cmd]' syntax
- Am I (being a total novice and all) alone with this thought?
- any benefit from the current 'lxc [cmd]' command syntax for LXD
containers?
just wondering. Maybe it's an age-old discussion here but as someone diving
new into this ... it hits you right in the face
I think the issue here is this, is there any growing interest in LXC1
(those lxc-[cmd] commands)?
LXD/LXC is more usable than legacy LXC (i.e. LXC1).
LXC requires less infrastructure and is easier to manage.
I prefer it over LXD for persistent deployments.
I agree, for now, with the lack of "easy to get" documentation. LXC is
still very much alive.
Dan Kegel
2017-04-18 14:28:31 UTC
I, too, have frequently been confused* at why things break when I type
lxd by accident.
But a low-tech fix might be for lxd to recognize this common typo
and output a more helpful error. That'd be an easy patch if someone
wants to try it.
- Dan

* although frankly most of my confusion doesn't have to do with lxc :-)
gunnar.wagner
2017-04-18 11:51:54 UTC
Post by Simos Xenitellis
... the real problem is that the documentation for LXD/LXC should get better so that when you google for Linux Containers, you get new LXD/LXC tutorials and material.
I don't think these two issues are related really.

If there was less and less interest in 'legacy' (as you call it)
LXC, things would still be much clearer for everyone if LXD would
not use lxc commands (no matter whether the documentation would be
better or not)
Bludov Ivan (CM/ESO6)
2017-04-24 11:44:10 UTC
UP.
Does someone have an idea how to make device hot-plug for unprivileged containers?

Mit freundlichen Grüßen / Best regards

Ivan Bludov

Engineering SW Operating Systems (CM/ESO6)
Tel. +49(5121)49-3129 | Fax +49(711)811-5053129 | ***@de.bosch.com

