mknod "Operation not permitted" in LXC with attached HW block device

chinky

Feb 16, 2020
I want to pass through my /dev/sdb to an LXC container, but starting the container fails. The log file returns "Operation not permitted":
Code:
lxc-start 410 20200216152042.246 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: mknod:
lxc-start 410 20200216152042.246 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/sda
lxc-start 410 20200216152042.246 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: : Operation not permitted
lxc-start 410 20200216152042.246 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output:
lxc-start 410 20200216152042.248 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: mknod:
lxc-start 410 20200216152042.248 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/sda1
lxc-start 410 20200216152042.248 DEBUG    conf - conf.c:run_buffer:340 - Script exec /var/lib/lxc/410/mount-hook.sh 410 lxc autodev produced output: : Operation not permitted

--------------------------------------------------------------------------------------------------------------------------
Here are my steps:
(I obtained a recipe from here: https://forum.proxmox.com/threads/o...n-in-lxc-with-attached-hw-block-device.29918/ --Step 3)
1. In the Proxmox VE shell, type this command:
Bash:
# ls -al /dev/sdb
brw-rw---- 1 root disk 8, 16 Feb 15 18:01 /dev/sdb
2. Here is my config file /etc/pve/lxc/410.conf:

Code:
arch: amd64
cores: 1
hostname: ct-alpine
memory: 1024
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.8.42,hwaddr=86:9F:94:28:C0:0C,ip=192.168.8.43/24,ip6=dhcp,type=veth
ostype: alpine
rootfs: local-lvm:vm-410-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.cgroup.devices.allow: b 8:16 rwm
lxc.cgroup.devices.allow: b 8:17 rwm
lxc.autodev: 1
lxc.hook.autodev: /var/lib/lxc/410/mount-hook.sh
lxc.log.level: 1
lxc.log.file: /var/lib/lxc/410/410.log
3. Here is /var/lib/lxc/410/mount-hook.sh:
Code:
#!/bin/sh
echo LXC_ROOTFS_MOUNT=${LXC_ROOTFS_MOUNT}

mknod -m 777 ${LXC_ROOTFS_MOUNT}/dev/sda b  8 16
mknod -m 777 ${LXC_ROOTFS_MOUNT}/dev/sda1 b 8 17
4. Here is pveversion:
Code:
# pveversion -v
proxmox-ve: 6.1-2 (running kernel: 5.3.18-1-pve)
pve-manager: 6.1-7 (running version: 6.1-7/13e58d5e)
pve-kernel-5.3: 6.1-4
pve-kernel-helper: 6.1-4
pve-kernel-5.3.18-1-pve: 5.3.18-1
pve-kernel-5.3.10-1-pve: 5.3.10-1
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.14-pve1
libpve-access-control: 6.0-6
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.0-12
libpve-guest-common-perl: 3.0-3
libpve-http-server-perl: 3.0-4
libpve-storage-perl: 6.1-4
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 3.2.1-1
lxcfs: 3.0.3-pve60
novnc-pve: 1.1.0-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.1-3
pve-cluster: 6.1-4
pve-container: 3.0-19
pve-docs: 6.1-4
pve-edk2-firmware: 2.20191127-1
pve-firewall: 4.0-10
pve-firmware: 3.0-5
pve-ha-manager: 3.0-8
pve-i18n: 2.0-4
pve-qemu-kvm: 4.1.1-2
pve-xtermjs: 4.3.0-1
qemu-server: 6.1-5
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.3-pve1
-----------------------------------------------------------------------------------

What am I doing wrong?
 


Unprivileged containers cannot use `mknod`, you need to bind mount the devices instead.
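
The bind-mount approach from the answer above, as an added example that is not part of the original thread: a helper for the Proxmox VE host shell that prints the container config lines to use in place of the `lxc.hook.autodev` mknod script. The function name `lxc_bind_lines` is hypothetical; `lxc.mount.entry` with `bind,optional,create=file` is standard LXC configuration.

```shell
#!/bin/sh
# Added example (not from the thread): emit config lines that bind-mount an
# existing host device node into a container instead of creating it with mknod.
# Run on the host, e.g.:  sh this-script /dev/sdb /dev/sdb1

lxc_bind_lines() {
    for dev in "$@"; do
        if [ -b "$dev" ]; then
            kind=b            # block device
        elif [ -c "$dev" ]; then
            kind=c            # character device
        else
            echo "skip: $dev is not a device node" >&2
            return 1
        fi
        # stat reports major/minor in hex (%t / %T); the cgroup rule wants decimal.
        major=$((0x$(stat -L -c '%t' "$dev")))
        minor=$((0x$(stat -L -c '%T' "$dev")))
        # Allow exactly this device. 'm' (mknod) is left out on purpose:
        # the node is bind-mounted from the host, never created in the container.
        echo "lxc.cgroup.devices.allow: $kind $major:$minor rw"
        # The target path is relative to the container rootfs (no leading slash).
        echo "lxc.mount.entry: $dev ${dev#/} none bind,optional,create=file"
    done
}

# When called with arguments, print the lines for those devices.
if [ "$#" -gt 0 ]; then
    lxc_bind_lines "$@"
fi
```

Inside an unprivileged container the host's `root:disk` ownership on the node appears as `nobody:nogroup`, so whether the container can open the device still depends on the host-side owner and mode of that node.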
 
