On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote:
NB in containers we have two PTYs involved. The libvirt_lxc process
opens one pty in the host context and that is used to communicate
between virsh console & libvirt_lxc. The libvirt_lxc process opens
one pty in the guest context and that is used to commnuicate between
libvirt_lxc and the container master console. Libvirt_lxc forwards
data between the two PTYs.
So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create
a new master PTY and to read/write to /dev/pts/NN associated with
the file descriptor retrieved from /dev/ptmx.
After checking more carefully, all rules are already in the profile...
and are concerning the qemu builder. I haven't checked if it happens
with lxc yet.
The question now is why does it happen with virt-sandbox and not with a
normal libvirt qemu domain.
--
Cedric