
31 Jan 2018, 5:57 a.m.
On Wed, Jan 31, 2018 at 6:18 AM, Daniel P. Berrangé <berrange@redhat.com> wrote:
That config makes the filesystem containing the device node visible, but does not grant access to device nodes themselves.
You instead need device passthrough
  <hostdev mode='capabilities' type='misc'>
    <source>
      <char>/dev/net/tun</char>
    </source>
  </hostdev>
Just tried adding the suggested <hostdev> snippet but /dev/net/tun is still not accessible:

  $ cat /dev/net/tun
  cat: /dev/net/tun: Operation not permitted

Where outside the container or when in LXD or systemd-nspawn I see:

  $ cat /dev/net/tun
  cat: /dev/net/tun: File descriptor in bad state

(Which is the expected output)
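The two results compared in the message above differ only in the errno that `cat` hits, so a probe that repeats the open and read and reports that errno separates "node visible" from "device access granted". This is an added example, not part of the original thread; the function names and the verdict wording are assumptions made for illustration.

```python
import errno
import os

# EBADFD is Linux-specific; fall back to its Linux value if the constant is absent.
EBADFD = getattr(errno, "EBADFD", 77)

# Verdict wording is illustrative (an assumption), keyed by the errno observed.
VERDICTS = {
    0: "read succeeded: device reachable",
    EBADFD: "device reachable: tun driver answered (no interface attached yet)",
    errno.EPERM: "node visible but device access denied, typically the "
                 "devices allow-list; passthrough not in effect",
    errno.EACCES: "blocked by file mode/ownership or an LSM policy",
    errno.ENOENT: "node not visible: the filesystem holding it is not exposed",
    errno.ENODEV: "node exists but no driver is bound to it",
}


def probe(path="/dev/net/tun"):
    """Open and read the node the way `cat` does; return the errno hit, 0 if none."""
    try:
        # O_NONBLOCK keeps the probe from hanging on nodes that would block.
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError as exc:
        return exc.errno
    try:
        os.read(fd, 1)
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        os.close(fd)


def classify(err):
    """Map an errno to a verdict; unknown values fall through with their text."""
    return VERDICTS.get(err, "other: " + os.strerror(err))


def diagnose(path="/dev/net/tun"):
    err = probe(path)
    return err, classify(err)


if __name__ == "__main__":
    code, verdict = diagnose()
    print(f"{errno.errorcode.get(code, code)}: {verdict}")
```

Run inside the container, EPERM corresponds to the "Operation not permitted" result and EBADFD to the "File descriptor in bad state" result quoted above.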