[systemd-devel] manually lading kernel modules and have created /dev/* in container?
Greg KH
gregkh at linuxfoundation.org
Mon May 17 09:00:13 UTC 2021
On Mon, May 17, 2021 at 10:20:50AM +0200, Marc Weber wrote:
> Man says:
>
> "
>
> The host system cannot be rebooted and kernel modules may not be
> loaded from within the container.
> "
>
> https://lists.freedesktop.org/archives/systemd-devel/2015-February/027805.html
> said:
>
> "
> We nowadays explicitly disallow non-auto loading of kernel modules
> from containers, for security reasons. If you want to allow kernel
> modules, then you can do so by adding the CAP_SYS_MODULE capability
> set to the set of caps to retain in nspawn, by using its --capability=
> switch.
> "
>
> insmod .ko module works, the problem is that /dev/dahdi appears on host, not within the container.
That is up to your container, if it wants to mount devtmpfs within it or
not.
> Is there something simple I missed or do I need to switch to vkvm or such to run maybe 8y old opensuse
> on current kernel ?
What does vkvm or obsolete opensuse releases have to do with any of
this?
greg k-h
More information about the systemd-devel
mailing list