LXC - Device

最後更新: 2016-03-12

目錄

  • 查看即時設定
  • VPS 內的 Serial Port
  • 把 USB Printer 放進 VPS 內
  • Device
  • Device 設定

 


查看即時設定

 

vps(名稱: myserver) 可用的 device 情況在

ls /sys/fs/cgroup/devices/lxc/myserver

devices.deny         <--- 這兩個檔案決定 vps 可否用那 device
devices.allow
devices.list         <--- 現在的情況

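* when a device access is removed from a parent it will not also be removed from the child(ren).
  (這句出自較舊的 kernel 文件; 較新的 kernel 在 parent 寫入 devices.deny 時, 應會一併收回 child 的相應權限, 請以所用 kernel 版本的 devices cgroup 文件為準)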

# 查看可以 access 到的 device

cat /sys/fs/cgroup/devices/lxc/myserver/devices.list

c 1:3 rwm
c 1:5 rwm
c 5:1 rwm
c 5:0 rwm
c 4:0 rwm
c 4:1 rwm
c 1:9 rwm
c 1:8 rwm
c 136:* rwm
c 5:2 rwm
c 254:0 rwm
c 180:0 rwm

# 設定

# allows cgroup 1 to read and mknod the device usually known as /dev/null.

echo 'c 1:3 mr' > /sys/fs/cgroup/1/devices.allow

# fields

type major:minor access

a (all), c (char), or b (block)

* for all

r (read), w (write), and m (mknod)

 

# 權限

CAP_SYS_ADMIN is needed to modify the whitelist or move another task to a new cgroup.

 


VPS 內的 Serial Port

 

查看主機上的 Serial Port

root@home:~# ll /dev/ttyS0

crw-rw---- 1 root dialout 4, 64 Nov 28 00:25 /dev/ttyS0

 

修改 VPS 的設定:

# Serial Port (/dev/ttyS0)
lxc.cgroup.devices.allow                = c 4:64 rwm

 

在 vps 內:

root@debian6:~# mknod /dev/ttyS0 c 4 64

 

測試:

root@debian6:~# setserial /dev/ttyS0

/dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4

 


把 USB Printer 放進 VPS 內

 

查看 host 上見不見 usb printer 先

# lsusb

Bus 002 Device 002: ID 04e8:3292 Samsung Electronics Co., Ltd ML-1640 Series Laser Printer

查看 printer 的 device

# ll /dev/usb/*

crw-rw----  1 root lp   180, 0 Aug  5 21:47 lp0

VPS - myserver 可以用 host 上的 printer device:

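# devices.allow entries take the form "type major:minor access";
# 180:0 is the printer node (lp0) shown by the listing of /dev/usb on the host.
echo 'c 180:0 rwm' > /sys/fs/cgroup/devices/lxc/myserver/devices.allow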

 

在 VPS 內建立相對應的 Device

  1. mkdir /dev/usb
  2. cd /dev/usb
  3. mknod lp0 c 180 0
  4. chgrp lp lp0
  5. chmod 660 lp0

# restart print service

/etc/init.d/cups restart

一切順利的話就可 print 東西了

 

Configure File

設定檔:

lxc.cgroup.devices.allow                = c 180:0 rwm

 


Device

 

rtc - "c 254:0"

fuse - "c 10:229"

mpu401data
mpu401stat

# MPU-401 data port / status port <-- 沒有用

/dev/psaux (PS/2)

# PS/2 mouse connection

sndstat

# Open Sound System status device

# text formatted device special file that returns information about available (OSS) sound devices.

tun -  "c 10:200"

full - "c 1:7"

# always full device
# Writes: test how a program handles disk-full errors.
# Reads: from the /dev/full device will return \0 characters.

ptmx - "c 5:2"

# pseudoterminal master
# When a process opens /dev/ptmx, it gets a file descriptor for a pseudoterminal master
# (PTM), and a pseudoterminal slave (PTS) device is created in the /dev/pts directory.

# /dev/pts/* - "c 136:*"

pseudoterminal slave

crw------- 1 root tty  136, 0 Apr  1 18:00 0            <--- 每次 ssh 就會多一個
crw------- 1 root tty  136, 1 Apr  1 18:00 1
crw-rw-rw- 1 root root   5, 2 Apr  1 18:00 ptmx

pts 及 tty 會與以下設定有關:

lxc.tty = 4
lxc.pts = 1024

 


Device 設定

 

Full view:

#### Device ####
# Device-cgroup whitelist for the container: deny everything first, then allow
# individual nodes as "type major:minor access" (r = read, w = write, m = mknod).

# Deny all first
lxc.cgroup.devices.deny = a

# Allow any mknod (but not using the node)
#lxc.cgroup.devices.allow = c *:* m
#lxc.cgroup.devices.allow = b *:* m

# null, zero, full
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm

# consoles(5, 1), ptmx(5, 2), pty/0(136, 0), pty/1(136, 1)
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm

# tty(5, 0)
# tty on the host: tty0(4, 0), tty1(4, 1)
# tty inside the container: tty1(136,0), tty2(136,1)
# If the VPS only runs "/sbin/mingetty console", the tty entries are not needed.
# NOTE(review): 4:0 and 4:1 are the host's own tty0/tty1, and rwm lets the
# container read and write them; leave those two lines out unless required.
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm


# random, urandom
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm

# rtc (read and mknod only, no write)
# NOTE(review): the rtc major number may be assigned dynamically; confirm it
# on the host with "ls -l /dev/rtc0" before relying on 254:0.
lxc.cgroup.devices.allow = c 254:0 rm


# fuse
#lxc.cgroup.devices.allow = c 10:229 rwm

# tun
#lxc.cgroup.devices.allow = c 10:200 rwm

# kvm
#lxc.cgroup.devices.allow = c 10:232 rwm

# mini

#### Device ####
# Minimal whitelist: deny every device, then allow only the nodes listed below.
# Entry format is "type major:minor access" (r = read, w = write, m = mknod).
lxc.cgroup.devices.deny = a
# null, zero, full
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
# consoles, ptmx, /dev/pty/0 1 2 ....
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
# random, urandom
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
# tty, tty0, tty1 ...
# NOTE(review): 4:0 and 4:1 are the host's tty0/tty1; drop those two lines if
# the container does not need direct access to them.
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# rtc (read and mknod only, no write)
lxc.cgroup.devices.allow = c 254:0 rm

相關:

http://datahunter.org/lxc_console

Creative Commons license icon Creative Commons license icon