Devices access on Unprivileged LXC 3 Container

(Bitmap Kid) #1

I’m using an unprivileged lxc3 container launched by a user.

Inside it, I use VirtualBox. VirtualBox needs /dev/vboxdrv.

My config is the following:

lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.mount.entry = /dev/vboxdrv dev/vboxdrv none bind,create=file 0 0
lxc.cgroup.devices.allow = c 10:57 rwm

I can’t use VirtualBox if, before launching my container, I don’t set

chmod 777 /dev/vboxdrv on my host.

Perhaps you have understood that I have no problem. Everything works fine, but I find my solution a little bit insecure for both my host and guest.

Is there an elegant way to do that?

Thank you!
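
Why the chmod ends up being needed with this idmap, as an added example that is not part of the original post: a simplified Python model of the kernel's owner/group/other selection for a process inside the container's user namespace. The device owners and modes passed in are constructed sample values, the helper names are hypothetical, and the device cgroup rule is not modeled.

```python
# Mapping taken from the post's lxc.idmap lines: (kind, container_start, host_start, count)
IDMAP = [("u", 0, 100000, 65536), ("g", 0, 100000, 65536)]

def to_host(kind, container_id, idmap=IDMAP):
    """Translate a container uid/gid to the host id, or None if unmapped."""
    for k, start, host_start, count in idmap:
        if k == kind and start <= container_id < start + count:
            return host_start + (container_id - start)
    return None

def is_mapped(kind, host_id, idmap=IDMAP):
    """True if a host uid/gid is visible inside the container's namespace."""
    return any(k == kind and hs <= host_id < hs + n for k, _, hs, n in idmap)

def access_bits(c_uid, c_gids, dev_uid, dev_gid, mode):
    """rwx bits (0-7) a container process gets on a bind-mounted device node.

    dev_uid/dev_gid are the HOST ids owning the node; mode is its permission bits.
    """
    h_uid = to_host("u", c_uid)
    h_gids = {to_host("g", g) for g in c_gids}
    # Container root's CAP_DAC_OVERRIDE only covers inodes whose uid AND gid
    # are mapped into its user namespace; a host-root-owned node is not.
    if c_uid == 0 and is_mapped("u", dev_uid) and is_mapped("g", dev_gid):
        return 0o6 | (0o1 if mode & 0o111 else 0)
    if h_uid == dev_uid:
        return (mode >> 6) & 0o7      # owner class
    if dev_gid in h_gids:
        return (mode >> 3) & 0o7      # group class
    return mode & 0o7                 # "other" class

if __name__ == "__main__":
    # Constructed cases: (label, container uid, container gids, dev uid, dev gid, mode)
    cases = [
        ("host root 0600, container root", 0, [0], 0, 0, 0o600),
        ("host root 0777, container root", 0, [0], 0, 0, 0o777),
        ("host root 0777, container uid 1000", 1000, [1000], 0, 0, 0o777),
        ("owned by 100000 0600, container root", 0, [0], 100000, 100000, 0o600),
        ("owned by 100000 0600, container uid 1000", 1000, [1000], 100000, 100000, 0o600),
    ]
    for label, *args in cases:
        print(f"{label}: {access_bits(*args):o}")
```

With a node owned by host root, container processes always fall into the "other" class, so only the world bits matter, and those same bits apply to every unprivileged account on the host.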