Comment 6 for bug 1799989

John A Meinel (jameinel) wrote :

Reading through the links from Cory and Ian makes it clear that doing so is poking lots of holes in the security of containers. Specifically, the pool of loopback devices is shared on the host, and by default LXD isn't allowed to mount them (there is a security risk of mounting arbitrary filesystems, because you are passing untrusted data directly to the kernel.)

I think we *could* implement support for this by allocating a blob on the host machine, and then turning that into a loop device, and then passing the loop device into the container.

However, while we *can* work through all the details of doing so in a safe fashion, I'd wonder if it is worth the time to implement it. Do we have a *production* case where we want to support block devices in LXD containers? Or is it just "I want to play with a charm that could use block storage"?

It seems like it could definitely be worth giving a better error message "block storage not supported on LXD", but unless we have real use cases, I'd rather not spend a bunch of time getting it right, only to never have it be actively used.
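As an added example (not part of the original comment, and not Juju's or LXD's own code), the three steps sketched above, a blob on the host, turned into a loop device, passed into the container, written out as a host-side POSIX shell script. It assumes root on an LXD host with losetup(8) and the lxc client on PATH and an existing container; CONTAINER, DEVNAME, SIZE_MIB, BACKING_DIR and the `<container>-<devname>.img` file naming are choices made for this example, not Juju or LXD conventions. Because the loop device pool is shared host-wide, the script re-uses a loop device that already backs the blob instead of attaching a second one on every run.

```shell
#!/bin/sh
# Added example, not code from the bug thread or from Juju/LXD: the sketch in
# comment 6 (blob on the host -> loop device -> hand that one device to the
# container) written out as a host-side script. Assumes root on an LXD host
# with losetup(8) and the lxc client on PATH. CONTAINER, DEVNAME, SIZE_MIB and
# BACKING_DIR are caller-chosen values; the .img naming is this example's own.
set -eu

# Given the output of `losetup -j FILE`, return the first loop device already
# backed by that file (empty if none). Re-using it keeps one blob from
# consuming several entries of the host-wide loop device pool on repeated runs.
loopdev_from_losetup_j() {
    printf '%s\n' "$1" | sed -n 's#^\(/dev/loop[0-9][0-9]*\):.*#\1#p' | head -n 1
}

# Accept only a positive integer MiB size: the value is spliced into a
# command line that runs as root, so it is validated before use.
valid_size_mib() {
    case $1 in
        ''|*[!0-9]*|0) return 1 ;;
        *) return 0 ;;
    esac
}

# attach_block CONTAINER DEVNAME SIZE_MIB BACKING_DIR
# Creates (or reuses) the backing file, attaches it to a loop device and
# exposes that single device node to the container as /dev/DEVNAME.
# Prints the host loop device that was used.
attach_block() {
    container=$1 devname=$2 size_mib=$3 backing="$4/$1-$2.img"
    valid_size_mib "$size_mib" || { echo "bad size: $size_mib" >&2; return 1; }
    [ -e "$backing" ] || truncate -s "${size_mib}M" "$backing"   # sparse blob on the host
    loopdev=$(loopdev_from_losetup_j "$(losetup -j "$backing")")
    [ -n "$loopdev" ] || loopdev=$(losetup --find --show "$backing")
    # unix-block passes exactly this node into the container; the rest of the
    # loop pool stays invisible to it. Whether the container may then mount a
    # filesystem from the device is still governed by LXD's security settings
    # for that container, which this script does not change.
    lxc config device add "$container" "$devname" unix-block \
        source="$loopdev" path="/dev/$devname"
    echo "$loopdev"
}

# detach_block CONTAINER DEVNAME BACKING_DIR: reverse the steps above so the
# loop device goes back to the shared pool. The backing file is kept.
detach_block() {
    container=$1 devname=$2 backing="$3/$1-$2.img"
    lxc config device remove "$container" "$devname"
    loopdev=$(loopdev_from_losetup_j "$(losetup -j "$backing")")
    [ -z "$loopdev" ] || losetup -d "$loopdev"
}

# Only act when invoked with a verb; sourcing the file just defines the functions.
case ${1:-} in
    attach) shift; attach_block "$@" ;;
    detach) shift; detach_block "$@" ;;
esac
```

Saved as, say, loopblock.sh (a name chosen here), `sh loopblock.sh attach c1 data 512 /var/lib/blk` gives container c1 a 512 MiB device at /dev/data and prints the host loop device it occupies; `sh loopblock.sh detach c1 data /var/lib/blk` removes the device and frees that loop slot again.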