forked from neil/lxc-templates
25 lines
736 B
Plaintext
25 lines
736 B
Plaintext
|
# This derives from the global common config.
|
||
|
lxc.include = @LXCTEMPLATECONFIG@/common.conf
|
||
|
|
||
|
# Doesn't support consoles in /dev/lxc/.
|
||
|
lxc.tty.dir =
|
||
|
|
||
|
# Drop another (potentially) harmful capabilities.
|
||
|
lxc.cap.drop = audit_write
|
||
|
lxc.cap.drop = ipc_owner
|
||
|
lxc.cap.drop = mknod
|
||
|
lxc.cap.drop = setpcap
|
||
|
lxc.cap.drop = sys_nice
|
||
|
lxc.cap.drop = sys_pacct
|
||
|
lxc.cap.drop = sys_rawio
|
||
|
lxc.cap.drop = sys_resource
|
||
|
lxc.cap.drop = sys_tty_config
|
||
|
lxc.cap.drop = syslog
|
||
|
lxc.cap.drop = wake_alarm
|
||
|
|
||
|
# Mount /run as tmpfs.
|
||
|
lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
|
||
|
|
||
|
# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
|
||
|
lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
|