
On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote:
> So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create a new master PTY and to read/write to /dev/pts/NN associated with the file descriptor retrieved from /dev/ptmx.

After some more debugging and help from jjohansen, the problem happens to be this commit:

http://libvirt.org/git/?p=libvirt.git;a=commit;h=d0d4b8ad76d3e8a859ee90701a2...

When having the not-so-silly idea to mount the host / readonly in a qemu guest (like what virt-sandbox is doing), we are adding a "deny /** w" rule taking precedence over all rules giving write access to files inside that path.

Would there be a clean solution for that problem? I can already teach virt-sandbox to add the host / mount only if there is nothing else to be mounted as /, but that wouldn't cover all cases.

--
Cedric
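
The precedence behaviour described in this message, as an added example that is not part of the original e-mail or of libvirt: a simplified Python model of AppArmor file rules showing how one `deny /** w` rule removes write access granted by more specific allow rules. The allow rules and paths are constructed for illustration, and only the `*`, `**` and `?` globs are modelled.

```python
import re

def glob_to_regex(glob):
    """Simplified AppArmor path glob: '**' crosses '/', '*' and '?' do not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z", re.S)

def parse_profile(text):
    """Parse lines of the form '[deny] <path-glob> <perms>,' into rule tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",")
        if not line:
            continue
        parts = line.split()
        deny = parts[0] == "deny"
        path, perms = parts[1:] if deny else parts
        rules.append((deny, glob_to_regex(path), set(perms)))
    return rules

def effective(rules, path):
    """Permissions left for path: every matching deny is subtracted from the
    union of matching allows, regardless of rule order or specificity."""
    allowed, denied = set(), set()
    for deny, rx, perms in rules:
        if rx.match(path):
            (denied if deny else allowed).update(perms)
    return allowed - denied

# Constructed sample rules: PTY access the container helper needs.
BASE = "/dev/ptmx rw,\n/dev/pts/* rw,\n"
# Same profile plus the rule generated for a read-only host / mount.
WITH_RO_ROOT = BASE + "deny /** w,\n"

if __name__ == "__main__":
    for name, prof in (("base", BASE), ("with deny /** w", WITH_RO_ROOT)):
        rules = parse_profile(prof)
        for p in ("/dev/ptmx", "/dev/pts/3"):
            print(f"{name:16} {p:12} {''.join(sorted(effective(rules, p))) or '-'}")
```
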