[systemd-devel] systemd 219 fails to create and/or use loop devices (or any other device)

Filipe Brandenburger filbranden at google.com
Thu Nov 19 09:35:13 PST 2015


On Thu, Nov 19, 2015 at 7:42 AM, von Thadden, Joachim, SEVEN
PRINCIPLES <joachim.von-thadden at 7p-group.com> wrote:
> using systemd 219-25 on Fedora 22 on a freshly created container I can not make any
> device. Usage of --capability=CAP_MKNOD makes no difference.
> Steps to reproduce:
> [root at nbl ~]# machinectl pull-raw --verify=no
> http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
> [root at nbl ~]# systemd-nspawn --capability=CAP_MKNOD -M Fedora-Cloud-Base-20141203-21.x86_64
> [root at Fedora-Cloud-Base-20141203-21 ~]# strace -f mknod /dev/loop0 b 7 0
> mknod("/dev/loop0", S_IFBLK|0666, makedev(7, 0)) = -1 EPERM (Operation not permitted)

This is likely being caused by the use of the "devices" namespace,
which prevents you from using specific character and block devices
inside a cgroup. nspawn now sets these by default.

Calling systemd-nspawn with --property='DeviceAllow=/dev/loop0 rwm'
should allow it to mknod and later use it in losetup as well.


More information about the systemd-devel mailing list