[pve-devel] [PATCH container] Remove mknod call from pre-start hook

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Feb 5 12:47:23 CET 2016


> Wolfgang Bumiller <w.bumiller at proxmox.com> wrote on February 4, 2016 at 19:55:
> 
> 
> 
> > On February 4, 2016 at 4:41 PM Dietmar Maurer <dietmar at proxmox.com> wrote:
> > 
> > 
> > I thought that code is required to make volume resize happy?
> 
> If you mean `pct resize` then no, since it doesn't care about the
> guest's /dev, after all it has to work on stopped containers, too.
> 
> Although we might want to keep the write_cgroup_value() call in
> order to give the guest direct access to the device, but exposing
> the device node to the guest via its /dev does not work anymore
> with lxc.autodev=1 overmounting /dev with a new tmpfs.

This would also have to be moved somewhere else, because the
"/sys/fs/cgroup/devices/lxc/<NNN>/devices.allow" path is not accessible in the
pre-start hook (the whole <NNN> directory does not exist yet at this point). The
write_cgroup_value() call silently fails, which means that a subsequent mknod in
the container will work (because of the default "b *:* m" in devices.list), but
reading or writing to the device file won't (in other words, the device file is
pretty useless). 

After a manual write from the host to the devices.allow file after the container
has started, mknod and subsequent read/write operations work as expected. It is
possible to automate this by putting an "lxc.cgroup.devices.allow: b
<major>:<minor> rwm" line in /etc/pve/local/lxc/<NNN>.conf. We could also
automate this further by adding such a line to the generated LXC config file
automatically for each /dev mount point, but I don't think this is a desirable
default. Since it appears this code path has not worked for quite a while, it
seems people are content with what worked - mounting the device into the
specified mountpoint in the container's rootfs.
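
The effect described above (mknod succeeds, read/write fails until a matching rule is written to devices.allow), shown as an added example that is not part of the original message or of the Proxmox code. The whitelist contents and the device numbers 7:0 are constructed samples, and `dev_access` and `explain` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report which of r/w/m a cgroup-v1 devices.list grants
# for one device node. Each permission is evaluated on its own.

# Constructed sample: a whitelist containing the default "b *:* m" entry,
# before anything was written to devices.allow.
SAMPLE_BEFORE='c 1:3 rwm
c 1:5 rwm
b *:* m
c *:* m'

# Constructed sample: the same list after "b 7:0 rwm" was written to
# devices.allow from the host.
SAMPLE_AFTER="$SAMPLE_BEFORE
b 7:0 rwm"

# dev_access LIST TYPE MAJOR MINOR -> prints the granted subset of "rwm"
dev_access() {
    printf '%s\n' "$1" | awk -v t="$2" -v ma="$3" -v mi="$4" '
        NF == 3 {
            split($2, n, ":")
            # A rule matches on type ("a" means all) and on major:minor,
            # where "*" is a wildcard.
            if (($1 == "a" || $1 == t) &&
                (n[1] == "*" || n[1] == ma) &&
                (n[2] == "*" || n[2] == mi)) {
                if (index($3, "r")) r = "r"
                if (index($3, "w")) w = "w"
                if (index($3, "m")) m = "m"
            }
        }
        END { print r w m }'
}

# explain LIST TYPE MAJOR MINOR -> one-line verdict for that device
explain() {
    acc=$(dev_access "$@")
    case "$acc" in
        rwm) echo "mknod and read/write allowed" ;;
        m)   echo "mknod allowed, read/write denied" ;;
        "")  echo "no access" ;;
        *)   echo "partial access: $acc" ;;
    esac
}

explain "$SAMPLE_BEFORE" b 7 0
explain "$SAMPLE_AFTER" b 7 0
```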



