Re: [lxc-devel] Device Namespaces

2013-10-28 Thread Michael J Coss
bad it will be. Ultimately, I'd really rather have a containerized sysfs and devtmpfs, but I suspect that there's going to be a lot of push back on doing that in the kernel. -- ---Michael J Coss

Re: [lxc-devel] Device Namespaces

2013-10-01 Thread Michael J Coss
within a given namespace. A user space daemon can filter events and forward them to the appropriate containers. You still have to fix the /dev in the container, and I put a local dev directory in /etc/lxc/ and bind mount to allow my systemd container to actually run udev, and have a custo

Re: [lxc-devel] Device Namespaces

2013-09-26 Thread Michael J Coss
eadonly, but a unified policy would be nice. My kernel patch is just to facilitate the communication to the container of the appropriate uevents, and the daemon uses libudev to collect, apply policy, and forward the appropriate events. And I'm working on a

Re: [lxc-devel] RFC: Device Namespaces

2013-09-25 Thread Michael J Coss
running in a separate network namespace, but that's about it. Of course, that still leaves you with sysfs needing similar treatment. ---Michael J Coss

Re: [lxc-devel] RFC: Device Namespaces

2013-08-26 Thread Michael J Coss
something similar, and will look over your patch set. Although, one use case that I want is kind of the reverse of what you're doing; to run an Android container on a Linux host, as well as just provide device protection to the host from containers. -- ---Michael J Coss --

Re: [lxc-devel] Dynamic devices

2013-03-19 Thread Michael J Coss
at a hotplug script running on the host could do something like you describe. I would have to disable the propagation of the uevent to the container, or simply remove the capability of doing mknod from the container completely. I'm still trying to figure out why the udev runni

Re: [lxc-devel] Dynamic devices

2013-03-13 Thread Michael J Coss
tainer configuration determines what uevents should/can be processed by that container. Or should it be handled elsewhere? Michael J Coss On 3/12/2013 1:04 PM, lxc-devel-requ...@lists.sourceforge.net wrote: > Send Lxc-devel mailing list submissions to > lxc-devel@lists.sourcefor

[lxc-devel] Dynamic devices

2013-03-11 Thread Michael J Coss
a a bit of a hack although I'm still curious why events leak to the containers when they are in separate namespaces. Before I go too much further down this road I was wondering what the current consensus is and figured this was the place to ask. So thoughts? comments? ---Michael J Coss -