diff --git a/ChangeLog b/ChangeLog
index f92090cb3e..d3b85dac8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Oct 21 09:19:24 PDT 2008 Dan Smith <danms@us.ibm.com>
+	* src/cgroup.c src/cgroup.h: Add function to allow major device range
+	* src/lxc_container.h src/controller.c: Fix cgroup initialization
+	  order and fix /dev/pts cgroup permission
+
 Tue Oct 21 16:25:22 CEST 2008 Daniel Veillard <veillard@redhat.com>
 
 	* HACKING: update with some rules for commiters
diff --git a/src/cgroup.c b/src/cgroup.c
index 36e2907b03..f70bee27c6 100644
--- a/src/cgroup.c
+++ b/src/cgroup.c
@@ -761,6 +761,36 @@ out:
     return rc;
 }
 
+/**
+ * virCgroupAllowDeviceMajor:
+ *
+ * @group: The cgroup to allow an entire device major type for
+ * @type: The device type (i.e., 'c' or 'b')
+ * @major: The major number of the device type
+ *
+ * Returns: 0 on success
+ */
+int virCgroupAllowDeviceMajor(virCgroupPtr group,
+                              char type,
+                              int major)
+{
+    int rc;
+    char *devstr = NULL;
+
+    if (asprintf(&devstr, "%c %i:* rwm", type, major) == -1) {
+        rc = -ENOMEM;
+        goto out;
+    }
+
+    rc = virCgroupSetValueStr(group,
+                              "devices.allow",
+                              devstr);
+ out:
+    VIR_FREE(devstr);
+
+    return rc;
+}
+
 int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares)
 {
     return virCgroupSetValueU64(group, "cpu.shares", (uint64_t)shares);
diff --git a/src/cgroup.h b/src/cgroup.h
index 193da63f4e..db68bace76 100644
--- a/src/cgroup.h
+++ b/src/cgroup.h
@@ -35,6 +35,9 @@ int virCgroupAllowDevice(virCgroupPtr group,
                          char type,
                          int major,
                          int minor);
+int virCgroupAllowDeviceMajor(virCgroupPtr group,
+                              char type,
+                              int major);
 
 int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares);
 int virCgroupGetCpuShares(virCgroupPtr group, unsigned long *shares);
diff --git a/src/lxc_container.h b/src/lxc_container.h
index 12db80f167..5d037b0602 100644
--- a/src/lxc_container.h
+++ b/src/lxc_container.h
@@ -40,6 +40,8 @@ enum {
 #define LXC_DEV_MAJ_TTY     5
 #define LXC_DEV_MIN_CONSOLE 1
 
+#define LXC_DEV_MAJ_PTY     136
+
 int lxcContainerSendContinue(int control);
 
 int lxcContainerStart(virDomainDefPtr def,
diff --git a/src/lxc_controller.c b/src/lxc_controller.c
index c3eca37a9a..58c772e54a 100644
--- a/src/lxc_controller.c
+++ b/src/lxc_controller.c
@@ -103,6 +103,10 @@ static int lxcSetContainerResources(virDomainDefPtr def)
             goto out;
     }
 
+    rc = virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY);
+    if (rc != 0)
+        goto out;
+
     rc = virCgroupAddTask(cgroup, getpid());
 out:
     if (rc != 0) {
@@ -449,6 +453,9 @@ lxcControllerRun(virDomainDefPtr def,
         goto cleanup;
     }
 
+    if (lxcSetContainerResources(def) < 0)
+        goto cleanup;
+
     if ((container = lxcContainerStart(def,
                                        nveths,
                                        veths,
@@ -461,9 +468,6 @@ lxcControllerRun(virDomainDefPtr def,
     if (lxcControllerMoveInterfaces(nveths, veths, container) < 0)
         goto cleanup;
 
-    if (lxcSetContainerResources(def) < 0)
-        goto cleanup;
-
     if (lxcContainerSendContinue(control[0]) < 0)
         goto cleanup;