[systemd-devel] systemd-nspawn: access to disk devices does not work on centos 7/systemd 219
Mailing List SVR
lists at svrinformatica.it
Wed Jan 16 21:03:59 UTC 2019
Il 16/01/19 19:24, Lennart Poettering ha scritto:
> On Mi, 16.01.19 09:20, Mailing List SVR (lists at svrinformatica.it) wrote:
>
>> Well, this command will make the sd devices readable inside the container on
>> centos 7 too
>>
>> echo 'b 8:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-bionic\\x2druntime.scope/devices.allow
>>
>> now I'll will search how to pass to systemd-nspawn using a command line
>> argument
> Use --property=DeviceAllow=…
thanks but this does not seems available in systemd 219, the version
shipped with centos 7, it fails with unrecognized option error.
Newer systemd versions work out of the box probably because they have
DevicePolicy=auto as default,
so basically I ended up writing a systemd-nspawn wrapper that, launched
from a systemd service, wait for
/sys/fs/cgroup/devices/machine.slice/machine-<name>.scope to appear and
then it sets the required permissions in devices.allow.
If I use the reboot command inside the container then the cgroup dir is
recreated and the permissions are lost since my wrapper is not called
luckily I can control the container and so I changed the reboot command
so it shutdowns the container instead and I set Restart=always in the
systemd service so the container is restarted automatically after the
shutdown,
so the only way to shutdown the container is using systemctl stop <my
service> but this is better than nothing,
Nicola
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
>
More information about the systemd-devel
mailing list