forked from neil/lxc-templates
36 lines
1.4 KiB
Plaintext
36 lines
1.4 KiB
Plaintext
|
# This derives from the global common config
|
||
|
lxc.include = @LXCTEMPLATECONFIG@/common.conf
|
||
|
|
||
|
# Default mount entries
|
||
|
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
|
||
|
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
|
||
|
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
|
||
|
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
|
||
|
|
||
|
# When using LXC with apparmor, the container will be confined by default.
|
||
|
# If you wish for it to instead run unconfined, copy the following line
|
||
|
# (uncommented) to the container's configuration file.
|
||
|
#lxc.apparmor.profile = unconfined
|
||
|
|
||
|
# Uncomment the following line to autodetect squid-deb-proxy configuration on the
|
||
|
# host and forward it to the guest at start time.
|
||
|
#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client
|
||
|
|
||
|
# If you wish to allow mounting block filesystems, then use the following
|
||
|
# line instead, and make sure to grant access to the block device and/or loop
|
||
|
# devices below in lxc.cgroup.devices.allow.
|
||
|
#lxc.apparmor.profile = lxc-container-default-with-mounting
|
||
|
|
||
|
# Extra cgroup device access
|
||
|
## rtc
|
||
|
lxc.cgroup.devices.allow = c 254:0 rm
|
||
|
## tun
|
||
|
lxc.cgroup.devices.allow = c 10:200 rwm
|
||
|
## hpet
|
||
|
lxc.cgroup.devices.allow = c 10:228 rwm
|
||
|
## kvm
|
||
|
lxc.cgroup.devices.allow = c 10:232 rwm
|
||
|
## To use loop devices, copy the following line to the container's
|
||
|
## configuration file (uncommented).
|
||
|
#lxc.cgroup.devices.allow = b 7:* rwm
|