forked from neil/lxc-templates
73de1660d4
capability required e.g. by strongswan Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
24 lines
713 B
Plaintext
24 lines
713 B
Plaintext
# This derives from the global common config.
|
|
lxc.include = @LXCTEMPLATECONFIG@/common.conf
|
|
|
|
# Doesn't support consoles in /dev/lxc/.
|
|
lxc.tty.dir =
|
|
|
|
# Drop another (potentially) harmful capabilities.
|
|
lxc.cap.drop = audit_write
|
|
lxc.cap.drop = ipc_owner
|
|
lxc.cap.drop = mknod
|
|
lxc.cap.drop = sys_nice
|
|
lxc.cap.drop = sys_pacct
|
|
lxc.cap.drop = sys_rawio
|
|
lxc.cap.drop = sys_resource
|
|
lxc.cap.drop = sys_tty_config
|
|
lxc.cap.drop = syslog
|
|
lxc.cap.drop = wake_alarm
|
|
|
|
# Mount /run as tmpfs.
|
|
lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
|
|
|
|
# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
|
|
lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
|