
On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote:
NB in containers we have two PTYs involved. The libvirt_lxc process opens one pty in the host context and that is used to communicate between virsh console & libvirt_lxc. The libvirt_lxc process opens one pty in the guest context and that is used to communicate between libvirt_lxc and the container master console. Libvirt_lxc forwards data between the two PTYs.
So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create a new master PTY and to read/write to /dev/pts/NN associated with the file descriptor retrieved from /dev/ptmx.
After checking more carefully, all rules are already in the profile... and are concerning the qemu builder. I haven't checked if it happens with lxc yet. The question now is why does it happen with virt-sandbox and not with a normal libvirt qemu domain.

-- Cedric