If I add --device=/dev/kvm to the docker run command, I can access KVM. But is it also possible to do it without that parameter?

The reason I ask is because I recently found out I can access /dev/net/tun without specifying it as a --device just by using the mknod command to create that file from inside the container.

I hope it's also possible to create /dev/kvm using mknod but I don't know how.

Maestro

1 Answer

Have you tried mknod kvm c 10 232? You can find the major and minor number of any device by running ls -al /dev

EmilioPeJu
  • I tried it, but it doesn't work. Seems like you cannot automatically create it in the container like with /dev/net/tun. – Maestro Apr 22 '23 at 00:53
  • In what way does it fail? – EmilioPeJu Apr 22 '23 at 09:01
  • QEMU fails to start, complaining about no permissions for the KVM device. I already tried chmod 777 on /dev/kvm, but it made no difference. Maybe the reason that it works for /dev/net/tun is that the container is running with the NET_ADMIN capability. So from that POV it would be weird if I was able to access KVM without any privileges. – Maestro Apr 22 '23 at 16:16
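
An added diagnostic, not part of the original thread: this Python helper opens a device node and uses the errno to tell a file-mode denial (EACCES, which chmod can fix) from a device-cgroup denial (EPERM, which chmod cannot fix). It assumes the runtime's default device allowlist, which for Docker/runc includes /dev/net/tun (10:200) but not /dev/kvm (10:232); the function name and verdict strings are made up for this example.

```python
import errno
import os
import stat


def diagnose_device(path):
    """Return (verdict, detail) explaining whether a device node can be opened."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ("missing", "node does not exist; it was neither passed in nor created")
    if not stat.S_ISCHR(st.st_mode):
        return ("not-char-device", "path exists but is not a character device")

    nums = f"{os.major(st.st_rdev)}:{os.minor(st.st_rdev)}"
    try:
        fd = os.open(path, os.O_RDWR | os.O_CLOEXEC)
    except OSError as e:
        if e.errno == errno.EPERM:
            # The device cgroup rejected this major:minor. File mode is not
            # consulted here, so chmod 777 on the node changes nothing.
            return ("cgroup-denied", f"{nums} is not in the container's device allowlist")
        if e.errno == errno.EACCES:
            # Ordinary permission check failed (mode/ownership), or the node
            # sits on a filesystem mounted with nodev.
            return ("mode-denied", f"{nums} blocked by file permissions or a nodev mount")
        if e.errno in (errno.ENODEV, errno.ENXIO):
            # The node exists but no kernel driver is registered for it,
            # e.g. the kvm module is not loaded on the host.
            return ("no-driver", f"{nums} has no driver behind it on this kernel")
        return ("error", f"{nums}: {e.strerror}")
    os.close(fd)
    return ("ok", f"{nums} opened read-write")


if __name__ == "__main__":
    # The two nodes discussed in the thread.
    for dev in ("/dev/net/tun", "/dev/kvm"):
        verdict, detail = diagnose_device(dev)
        print(f"{dev}: {verdict} ({detail})")
```

A cgroup-denied verdict for /dev/kvm means the allowlist has to be extended when the container is started, which is what --device=/dev/kvm does.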