Linux Containers are not allowed to create device nodes.
This needs to be done before the container starts. Turning off the mknod capability is noticed by systemd, which will no longer attempt to create device nodes. This eliminates SELinux AVC messages and ugly failure messages in the journal.

(cherry picked from commit 2e03b08e)