From 35b8225da63fdc1cf944533eff8df6b22442b738 Mon Sep 17 00:00:00 2001 From: Tanya Degurechaff <34323200+TanyaEleventhGoddess@users.noreply.github.com> Date: Sat, 4 Jul 2020 15:51:55 +0200 Subject: [PATCH] Add common & userns Devuan LXC configs Signed-off-by: Tanya Degurechaff <34323200+TanyaEleventhGoddess@users.noreply.github.com> --- config/devuan.common.conf.in | 28 ++++++++++++++++++++++++++++ config/devuan.userns.conf.in | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 config/devuan.common.conf.in create mode 100644 config/devuan.userns.conf.in diff --git a/config/devuan.common.conf.in b/config/devuan.common.conf.in new file mode 100644 index 0000000..4e6a6e6 --- /dev/null +++ b/config/devuan.common.conf.in @@ -0,0 +1,28 @@ +# This derives from the global common config +lxc.include = @LXCTEMPLATECONFIG@/common.conf + +# Doesn't support consoles in /dev/lxc/ +lxc.tty.dir = + +# When using LXC with apparmor, the container will be confined by default. +# If you wish for it to instead run unconfined, copy the following line +# (uncommented) to the container's configuration file. +#lxc.apparmor.profile = unconfined + +# If you wish to allow mounting block filesystems, then use the following +# line instead, and make sure to grant access to the block device and/or loop +# devices below in lxc.cgroup.devices.allow. +#lxc.apparmor.profile = lxc-container-default-with-mounting + +# Extra cgroup device access +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm diff --git a/config/devuan.userns.conf.in b/config/devuan.userns.conf.in new file mode 100644 index 0000000..707bb30 --- /dev/null +++ b/config/devuan.userns.conf.in @@ -0,0 +1,2 @@ +# This derives from the global userns config +lxc.include = @LXCTEMPLATECONFIG@/userns.conf