On Fri, Feb 16, 2018, at 2:29 PM, Daniel Walsh wrote:
> Does this actually work?

Yes =) For example it broke and we fixed it e.g.: https://github.com/stefwalter/oci-kvm-hook/pull/4

> I would figure the device cgroup would prevent
> use of the kvm device inside a container unless you also modified the
> cgroup?
>
> podman run --device /dev/kvm

I guess the thing is personally, I see it as quite safe to expose the KVM device nowadays, and having to annotate containers explicitly for it is annoying, particularly in the Kube/OpenShift case. That said the linked thread above contains a proposal for the Kube equivalent of this.