How can I pass through /dev/mem into LXC?

You need first to make one
dd if=/dev/urandom of=/dev/mem bs=1024 count=1000000
After that everything will work as you want xD
 
You can't passthrough memory in short. Not even a region. But you can increase memory for the lxc Container.
 
Can you please post the full container configuration you used?

This is most likely only a privilege issue, you need a privileged CT and lxc.apparmor.profile = unconfined (obv. don't do that if you do not trust the user(s) and software controlling that CT) - there may be a less "allowing" profile, but for a sure bet unconfined should work.
 
Can you please post the full container configuration you used?

I'm using a privileged CT.

Bash:
arch: amd64
cores: 2
features: fuse=1,mknod=1,nesting=1
hostname: host
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=52:C3:CE:EF:A1:B6,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-100-disk-1,size=8G
swap: 512
lxc.cgroup.devices.allow: c 1:* rwm
lxc.mount.entry: /dev/mem dev/mem  none bind,optional,create=file 0 0
lxc.apparmor.profile = unconfined

Nothing works.
cat /dev/mem - Operation not permitted :(
 
Besides the devices cgroup, AppArmor and possible `nodev` mount flags, this also needs `CAP_SYS_RAWIO`, which is dropped by default for containers. You can add an empty `lxc.cap.drop` line to the config to clear the dropped capability list, then add a 2nd such line with the default entries you find in `/usr/share/lxc/config/common.conf` without the rawio entry. But note that this enables a wider range of capabilities (which you'll find under CAP_SYS_RAWIO in the capabilities(7) manpage).
But there will be dragons.
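The two-line `lxc.cap.drop` procedure from the last reply, as an added example that is not part of the original thread: it builds the replacement lines from a common.conf-style file and checks a `CapEff` mask for CAP_SYS_RAWIO (capability number 17). The function names, the constructed sample file and masks, and the colon-style output (copied from the config posted above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes common.conf uses "key = value" lines.

# Print an empty lxc.cap.drop line (clears the inherited drop list), then a
# second line with every capability the given file drops except sys_rawio.
rawio_free_drop_lines() {
    keep=$(awk '
        /^[ \t]*lxc\.cap\.drop[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                  # keep only the value
            if ($0 ~ /^[ \t]*$/) { list = ""; next }  # empty value resets the list
            n = split($0, caps, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (caps[i] != "" && caps[i] != "sys_rawio")
                    list = list (list == "" ? "" : " ") caps[i]
        }
        END { print list }' "$1")
    printf 'lxc.cap.drop:\n'
    if [ -n "$keep" ]; then printf 'lxc.cap.drop: %s\n' "$keep"; fi
}

# CAP_SYS_RAWIO is capability number 17. Succeeds when that bit is set in a
# CapEff hex mask as printed in /proc/<pid>/status.
has_cap_sys_rawio() {
    [ $(( (0x$1 >> 17) & 1 )) -eq 1 ]
}

# Constructed sample standing in for /usr/share/lxc/config/common.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not copied from a real host
lxc.cap.drop = mac_admin mac_override
lxc.cap.drop = sys_time sys_module sys_rawio
EOF
rawio_free_drop_lines "$sample"
rm -f "$sample"

# Constructed masks: all bits set, then the same mask with bit 17 cleared.
for mask in 000001ffffffffff 000001fffffdffff; do
    if has_cap_sys_rawio "$mask"; then
        echo "$mask: CAP_SYS_RAWIO present"
    else
        echo "$mask: CAP_SYS_RAWIO missing"
    fi
done
```

Inside the container, `grep CapEff /proc/self/status` prints the mask to pass to `has_cap_sys_rawio`, which shows whether the capability change took effect before looking at the cgroup, AppArmor or mount flags.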