Hello,

I just recognized that my original mail was HTML-formatted. I am really sorry for that... (the reason for that mistake was that I used the web interface of my mail-provider)

I assume that this was the reason that I didn't get any answer. So I resend the question with this mail without any HTML-formatting hoping that someone can help me :)

(As you may see I am pretty new to this mailing list. Thus I hope that I am not violating the etiquette of this mailing list...)
The original mail:

Hello,

Currently I try to create an lxc-application container which needs access to a GPIO. The GPIO can be accessed over the sysfs:

    /sys/class/gpio

The container will be executed with lxc-execute (for development I mounted the whole bin directory into the container in order to start a bash):

    sudo lxc-execute -n gpio-client -f /var/proj/gpio-client/lxc.conf -- bin/bash

When I do that with a privileged container everything is fine. I can access the gpio (export/unexport and read/write) without any problems. Here are the mount entries of lxc.conf for that:

    lxc.rootfs = /var/proj/gpio-client/rootfs
    # mount needed directories from host
    lxc.mount.entry=/lib lib none ro,bind 0 0
    lxc.mount.entry=/sys/class/gpio sys/class/gpio none rw,bind 0 0
    lxc.mount.entry=/sys/devices sys/devices none rw,bind 0 0
    lxc.mount.entry=/usr/lib usr/lib none ro,bind 0 0
    lxc.mount.entry=/bin bin none ro,bind 0 0

But when I add a uid/gid-mapping like the following it doesn't work any longer:

    lxc.id_map = u 0 1000000 65536
    lxc.id_map = g 0 1000000 65536

I also added the entries in /etc/subuid and /etc/subgid. Further I changed the group of /sys/class/gpio (and its subdirectories) to a new group called "gpio":

    zedboard-zynq7:/sys/class/gpio$ ls -l
    total 0
    --w-rw---- 1 root gpio 4096 Feb 20 12:48 export
    lrwxrwxrwx 1 root gpio 0 Feb 20 12:43 gpio890 -> ../../devices/gpiochip2/gpio/gpio890
    lrwxrwxrwx 1 root gpio 0 Feb 20 12:48 gpio898 -> ../../devices/gpiochip1/gpio/gpio898
    lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip890 -> ../../devices/gpiochip2/gpio/gpiochip890
    lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip898 -> ../../devices/gpiochip1/gpio/gpiochip898
    lrwxrwxrwx 1 root gpio 0 Feb 20 12:41 gpiochip906 -> ../../devices/soc0/amba/e000a000.gpio/gpio/gpiochip906
    --w-rw---- 1 root gpio 4096 Feb 20 12:41 unexport

I created a user gpio-user with the uid 1000000 which was added to the group gpio. When I login as gpio-user I am able to access gpios.
But when I execute the (now unprivileged) application-container I cannot access the gpios any longer. From the bash inside the container I can see that the directory /sys/class/gpio (and its subdirs) has a completely different owner/group:

    zedboard-zynq7:/var/proj/gpio-client$ sudo lxc-execute -n gpio-client -f /var/proj/gpio-client/lxc.conf -- bin/bash
    init.lxc.static: initutils.c: mount_fs: 36 failed to mount /proc : Operation not permitted
    init.lxc.static: initutils.c: mount_fs: 36 failed to mount /dev/mqueue : No such device
    bash: cannot set terminal process group (1): Inappropriate ioctl for device
    bash: no job control in this shell
    bash-4.3# cd /sys/class/
    bash-4.3# ls -l
    total 0
    drwxrwxr-x 2 65534 65534 0 Feb 20 12:48 gpio

I hope you can give me some advice of how to solve the problem

Best regards
Sebastian Schwanewilms
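Added example, not part of the original mail and not LXC's own code: a Python model of how the two lxc.id_map lines quoted above translate host IDs into the IDs listed inside the container, which is why a directory owned by host root and group gpio is shown as 65534 65534. The gid 1001 for the gpio group and the gid 1000000 for gpio-user are constructed values (the mail does not give them); 65534 is the kernel's default overflow ID, shown for any host ID outside the mapped range.

```python
# Added example: models the lxc.id_map translation; not code from LXC itself.
OVERFLOW_ID = 65534  # kernel default for overflowuid/overflowgid

# The two mapping lines quoted in the mail.
LXC_CONF = """\
lxc.id_map = u 0 1000000 65536
lxc.id_map = g 0 1000000 65536
"""

GPIO_GID = 1001  # constructed value: the mail does not state the gid of "gpio"


def parse_id_map(conf_text):
    """Collect (container_start, host_start, count) ranges per kind ('u'/'g')."""
    maps = {"u": [], "g": []}
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if not sep or key.strip() != "lxc.id_map":
            continue
        kind, ct_start, host_start, count = value.split()
        if kind not in maps:
            raise ValueError(f"unsupported id_map kind: {kind!r}")
        maps[kind].append((int(ct_start), int(host_start), int(count)))
    return maps


def host_to_container(ranges, host_id):
    """Translate a host ID; IDs outside every range show up as the overflow ID."""
    for ct_start, host_start, count in ranges:
        if host_start <= host_id < host_start + count:
            return ct_start + (host_id - host_start)
    return OVERFLOW_ID


def container_view(maps, host_uid, host_gid):
    """Owner/group as listed by ls -l inside the container."""
    return (host_to_container(maps["u"], host_uid),
            host_to_container(maps["g"], host_gid))


if __name__ == "__main__":
    maps = parse_id_map(LXC_CONF)
    print("host root:gpio      ->", container_view(maps, 0, GPIO_GID))
    print("host 1000000:1000000 ->", container_view(maps, 1000000, 1000000))
```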
