[Devel] Re: liblxc: lxc-debian
Serge E. Hallyn
serue at us.ibm.com
Mon Dec 8 15:43:48 PST 2008
Quoting Matt Helsley (matthltc at us.ibm.com):
> > (this is the code i inserted into the old lxc-debian command,
> > haven't checked if i need to change it for the new one)
> >
> > echo "lxc.cgroup.devices.deny = a" >> $CONFFILE
> > # /dev/null and zero
> > echo "lxc.cgroup.devices.allow = c 1:3 rwm" >> $CONFFILE
> > echo "lxc.cgroup.devices.allow = c 1:5 rwm" >> $CONFFILE
> > # consoles
> > echo "lxc.cgroup.devices.allow = c 5:1 rwm" >> $CONFFILE
> > echo "lxc.cgroup.devices.allow = c 5:0 rwm" >> $CONFFILE
> > echo "lxc.cgroup.devices.allow = c 4:0 rwm" >> $CONFFILE
> > echo "lxc.cgroup.devices.allow = c 4:1 rwm" >> $CONFFILE
> > # /dev/{,u}random
> > echo "lxc.cgroup.devices.allow = c 1:9 rwm" >> $CONFFILE
> > echo "lxc.cgroup.devices.allow = c 1:8 rwm" >> $CONFFILE
> > # /dev/pts/* - pts namespaces are "coming soon"
> > echo "lxc.cgroup.devices.allow = c 136:* rwm" >> $CONFFILE
> > # rtc
> > echo "lxc.cgroup.devices.allow = c 254:0 rwm" >> $CONFFILE
>
> This could be a tad prettier with a "here file" rather than all the
> echoes and >> $CONFFILE:

The new lxc-debian actually does

    cat > $CONFIGFILE << EOF

I pasted from my old version.

> #
> # Write some reasonable default device whitelist rules
> #
> cat - >> $CONFFILE <<-"EOF"
> lxc.cgroup.devices.deny = a
> # /dev/null and zero
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> # consoles
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> lxc.cgroup.devices.allow = c 4:0 rwm
> lxc.cgroup.devices.allow = c 4:1 rwm
> # /dev/{,u}random
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> # /dev/pts/* - pts namespaces are "coming soon"
> lxc.cgroup.devices.allow = c 136:* rwm
> # rtc
> lxc.cgroup.devices.allow = c 254:0 rwm
> EOF
>
> The quotes around EOF prevent bash from doing any substitution on the
> file contents.
>
> Cheers,
> -Matt
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
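
The device whitelist from this thread, written with a quoted here-document and then reused as a baseline to audit a container config. This is an added example, not code from the thread or from lxc-debian; the function names `write_whitelist` and `audit_devices` are hypothetical, and the check itself (a leading `deny = a`, no `allow` rule outside the thread's list) is an assumed policy.

```shell
#!/bin/sh
# Added example; function names are hypothetical, rules are the thread's.

write_whitelist() {            # $1 = config file to append to
    # Quoted delimiter: no parameter or command substitution in the body.
    cat >> "$1" <<'EOF'
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF
}

audit_devices() {              # $1 = config to check; returns 0 when clean
    base=$(mktemp) || return 2
    write_whitelist "$base"    # baseline = the list above
    rc=0
    awk '
      function rule(s) {       # text after "=", whitespace-normalised
          sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s)
          gsub(/[ \t]+/, " ", s); return s
      }
      !/^[ \t]*lxc\.cgroup\.devices\.(allow|deny)[ \t]*=/ { next }
      NR == FNR { if ($0 ~ /devices\.allow/) known[rule($0)] = 1; next }
      { n++ }
      /devices\.deny/ { if (n == 1 && rule($0) == "a") deny_first = 1; next }
      !(rule($0) in known) { print "not in baseline: " rule($0); bad++ }
      END {
          if (!deny_first) { print "deny = a is not the first device rule"; bad++ }
          exit (bad > 0)
      }' "$base" "$1" || rc=$?
    rm -f "$base"
    return "$rc"
}
```

`audit_devices` prints one line per finding and returns non-zero if any were found, so it can gate a container start script.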