Bug 1029070 - libvirt-lxc: allow the use of a pre-populated /dev directory
Product: Fedora
Classification: Fedora
Component: libvirt
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Assigned To: Daniel Berrange
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-11-11 10:34 EST by Josh Poimboeuf
Modified: 2014-01-23 10:54 EST
Doc Type: Bug Fix
Last Closed: 2014-01-23 10:54:28 EST
Type: Bug
Description Josh Poimboeuf 2013-11-11 10:34:02 EST
The docker team has a concept called docker-in-docker where they want to spawn containers from within a container.  They already use the lxc tools for this purpose.

In my port of docker to use libvirt-lxc as its container backend, it would be very helpful to have this functionality.  Currently libvirt-lxc drops the CAP_MKNOD capability so it's not directly possible to start a container from inside an outer libvirt-lxc container, since the inner container creation logic creates a /dev/ tmpfs and then needs to mknod several device files.

As Daniel Berrange pointed out to me, allowing a container to mknod is very dangerous.  A much more acceptable solution would be to add a feature to libvirt-lxc to allow the use of an existing pre-populated /dev directory.
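
The two conditions the description turns on, as an added example (not code from libvirt, docker, or the reporter): whether CAP_MKNOD is still present in a process's capability bounding set, and whether a pre-populated /dev already holds correct character devices so that no mknod is needed. The device list in `EXPECTED` and all function names are assumptions of this example.

```python
import os
import stat

CAP_MKNOD = 27  # bit number from <linux/capability.h>

# Minimal set of /dev character devices with their Linux (major, minor)
# numbers. Choosing this particular set is an assumption of the example.
EXPECTED = {
    "null": (1, 3), "zero": (1, 5), "full": (1, 7),
    "random": (1, 8), "urandom": (1, 9), "tty": (5, 0),
}

def has_cap(status_text, cap, field="CapBnd"):
    """True if bit `cap` is set in the named Cap* line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith(field + ":"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            return bool((mask >> cap) & 1)
    raise ValueError(f"{field} not found")

def audit_dev(nodes):
    """nodes maps name -> (st_mode, st_rdev); return {name: problem}."""
    problems = {}
    for name, want in EXPECTED.items():
        if name not in nodes:
            problems[name] = "missing"
            continue
        mode, rdev = nodes[name]
        if not stat.S_ISCHR(mode):
            problems[name] = "not a character device"
        elif (os.major(rdev), os.minor(rdev)) != want:
            problems[name] = "wrong device number"
    return problems

def scan(dev_dir):
    """Collect (st_mode, st_rdev) for expected names, not following symlinks."""
    nodes = {}
    for name in EXPECTED:
        try:
            st = os.lstat(os.path.join(dev_dir, name))
            nodes[name] = (st.st_mode, st.st_rdev)
        except FileNotFoundError:
            pass
    return nodes

if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print("CAP_MKNOD in bounding set:", has_cap(f.read(), CAP_MKNOD))
    print("problems in /dev:", audit_dev(scan("/dev")))
```

Run inside the outer container, an empty problem map together with CAP_MKNOD absent from the bounding set is the state the feature request aims for.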
Comment 1 Josh Poimboeuf 2014-01-23 10:54:28 EST
I think we can cancel this bug now since the mknod issue will be solved by bug 1057200.
