Bug 1029070 - libvirt-lxc: allow the use of a pre-populated /dev directory
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Daniel Berrangé
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-11-11 15:34 UTC by Josh Poimboeuf
Modified: 2014-01-23 15:54 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-23 15:54:28 UTC
Type: Bug
Embargoed:


Description Josh Poimboeuf 2013-11-11 15:34:02 UTC
The docker team has a concept called docker-in-docker where they want to spawn containers from within a container.  They already use the lxc tools for this purpose.

In my port of docker to use libvirt-lxc as its container backend, it would be very helpful to have this functionality.  Currently libvirt-lxc drops the CAP_MKNOD capability so it's not directly possible to start a container from inside an outer libvirt-lxc container, since the inner container creation logic creates a /dev/ tmpfs and then needs to mknod several device files.

As Daniel Berrange pointed out to me, allowing a container to mknod is very dangerous.  A much more acceptable solution would be to add a feature to libvirt-lxc to allow the use of an existing pre-populated /dev directory.
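
Added example (not part of the bug report and not libvirt code): a check an operator could run to confirm that a container's processes really lack CAP_MKNOD, by decoding the capability masks in `/proc/<pid>/status`. The sample status excerpts are constructed, and the function names and verdict strings are hypothetical; bit 27 is CAP_MKNOD in `linux/capability.h`.

```python
import re

CAP_MKNOD = 27  # bit number of CAP_MKNOD in linux/capability.h

# Constructed samples (not captured from a real host): excerpts in the
# format of /proc/<pid>/status, with the full mask taken as 0x3fffffffff.
SAMPLE_DROPPED = (   # CAP_MKNOD cleared from every set
    "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t0000003ff7ffffff\n"
    "CapEff:\t0000003ff7ffffff\nCapBnd:\t0000003ff7ffffff\n")
SAMPLE_FULL = (      # nothing dropped
    "Name:\tinit\nCapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n")
SAMPLE_BOUNDING = (  # unprivileged now, bounding set left untouched
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n")

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)


def parse_cap_sets(status_text):
    """Return {set name: integer mask} for every Cap* line found."""
    return {m.group(1): int(m.group(2), 16) for m in CAP_LINE.finditer(status_text)}


def has_cap(mask, cap):
    """True if capability number `cap` is set in `mask`."""
    return bool((mask >> cap) & 1)


def mknod_verdict(status_text):
    """Classify a process by whether it can create device nodes."""
    sets = parse_cap_sets(status_text)
    if "CapEff" not in sets or "CapBnd" not in sets:
        raise ValueError("CapEff/CapBnd lines not found")
    if has_cap(sets["CapEff"], CAP_MKNOD):
        return "mknod-allowed"      # can call mknod(2) on device nodes now
    if has_cap(sets["CapBnd"], CAP_MKNOD):
        return "mknod-regainable"   # execve of a privileged binary can regain it
    return "mknod-blocked"          # dropped from the bounding set as well


if __name__ == "__main__":
    for name, text in (("dropped", SAMPLE_DROPPED), ("full", SAMPLE_FULL),
                       ("bounding-only", SAMPLE_BOUNDING)):
        print(name, mknod_verdict(text))
    try:  # also classify the current process when /proc is available
        with open("/proc/self/status") as fh:
            print("self", mknod_verdict(fh.read()))
    except (OSError, ValueError):
        pass
```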

Comment 1 Josh Poimboeuf 2014-01-23 15:54:28 UTC
I think we can cancel this bug now since the mknod issue will be solved by bug 1057200.
