[systemd-devel] loop devices inside container

Johannes Ernst johannes.ernst at gmail.com
Wed Jun 24 14:13:21 PDT 2015


How can I convince systemd-nspawn to let me create loop devices inside a container?

I just learned that docker apparently has a --privileged=true, which allows this. man docker says:

> The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.

Is that “just” a matter of adding the right privileges? And if so, how would I do that?

I tried with:
    systemd-nspawn … --capability=all

and perhaps I have to allow mknod in the container with something like
    echo b 7:0 rwm > /sys/fs/cgroup/devices/machine.slice/machine-<name>.scope/devices.allow
but it also seems that the container mounts tmpfs rather than devtmpfs at /dev

I’m a bit lost here …

Thanks,
Johannes.
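The steps sketched in the message above (extra capabilities on the nspawn command line, a devices-cgroup allow rule per loop device, and device nodes created by hand because /dev in the container is a tmpfs), written out as a script. This is an added example, not code from the original post or from the systemd project. It assumes a cgroup v1 devices controller mounted at /sys/fs/cgroup/devices with the container scope at machine.slice/machine-<name>.scope (the layout the post quotes), that loop block devices use major 7 and /dev/loop-control is char 10:237, and that CAP_MKNOD plus CAP_SYS_ADMIN are enough for mknod and losetup inside the container (an assumption; the post itself only tried --capability=all). The machine name and image path are placeholders. Nothing privileged runs unless LOOP_NSPAWN_RUN=1 is set, so the functions can be read and tested on a plain host.

```shell
#!/bin/sh
# Added example (not from the original post or from systemd):
# helpers for the host side (devices.allow) and guest side (mknod) of
# giving a systemd-nspawn container loop devices.
set -eu

# Assumed cgroup v1 path of the devices controller for an nspawn machine.
devices_cgroup_path() {
    printf '/sys/fs/cgroup/devices/machine.slice/machine-%s.scope\n' "$1"
}

# devices.allow rules for loop support: the loop-control node (c 10:237)
# plus block nodes b 7:0 .. b 7:N-1, one rule per line. cgroup v1 also
# accepts the wildcard "b 7:* rwm" if you do not want to enumerate them.
loop_allow_rules() {
    n=$1
    printf 'c 10:237 rwm\n'
    i=0
    while [ "$i" -lt "$n" ]; do
        printf 'b 7:%d rwm\n' "$i"
        i=$((i + 1))
    done
}

# nspawn command line: a narrower capability set than --capability=all
# (assumed sufficient), and the host's loop-control node bind-mounted into
# the container's tmpfs /dev.
nspawn_cmdline() {
    printf 'systemd-nspawn -M %s -D %s --capability=CAP_MKNOD,CAP_SYS_ADMIN --bind=/dev/loop-control\n' \
        "$1" "$2"
}

# Host side, as root, after the container has started: write each rule into
# the container's devices.allow (one write per rule, as the post shows).
apply_allow_rules() {
    cg=$(devices_cgroup_path "$1")
    loop_allow_rules "$2" | while IFS= read -r rule; do
        printf '%s\n' "$rule" > "$cg/devices.allow"
    done
}

# Guest side: populate the tmpfs /dev with the nodes the cgroup now allows.
mknod_loop_nodes() {
    n=$1
    [ -e /dev/loop-control ] || mknod -m 660 /dev/loop-control c 10 237
    i=0
    while [ "$i" -lt "$n" ]; do
        [ -e "/dev/loop$i" ] || mknod -m 660 "/dev/loop$i" b 7 "$i"
        i=$((i + 1))
    done
}

# Guarded entry point: LOOP_NSPAWN_RUN=1 host <name> <count>
#                      LOOP_NSPAWN_RUN=1 guest <count>
#                      LOOP_NSPAWN_RUN=1 cmd <name> <image-dir>
if [ "${LOOP_NSPAWN_RUN:-}" = 1 ]; then
    case "${1:-}" in
        host)  apply_allow_rules "$2" "$3" ;;
        guest) mknod_loop_nodes "$2" ;;
        *)     nspawn_cmdline "${2:-mymachine}" "${3:-/var/lib/machines/mymachine}" ;;
    esac
fi
```

Order matters: start the container (so the scope exists), then run the host step against its cgroup, then the guest step inside it; `losetup -f` in the container should only succeed once both the cgroup rule and the device node are in place.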
