@ brauner

Thx for your continuous help.

I have upgraded lxd to 3.8, I had used lxc init to generate the config. So, don’t see any lxc.include lines as you mentioned.

Also, i modify my config from gentoo /var/lib/lxc/app1/config as the following as your suggestion:

#lxc.cap.drop = sys_module
#lxc.cap.drop = mac_admin
#lxc.cap.drop = mac_override
#lxc.cap.drop = sys_time
lxc.cap.keep = sys_rawio —> add this line

I am able to see the added line, but i am not able to see thru cmd:

lxc config show app1

Could you let me know if it is possible to see /dev/sys, /dev/mem, /dev/proc for host from container? Or we are able to map /dev/sys, /dev/mem, /dev/proc for host into container.

This is very important because my customer’s application need generate certificate thru dmidecode.
I will let my customer know if this is not possible from theory.

Thx in advance!