Commit 5ddd9505 by Stéphane Graber Committed by dlezcano

Ubuntu template: some tweaks

Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
parent a2dea4ea
...@@ -179,9 +179,12 @@ lxc.pts = 1024 ...@@ -179,9 +179,12 @@ lxc.pts = 1024
lxc.rootfs = $rootfs lxc.rootfs = $rootfs
lxc.mount = $path/fstab lxc.mount = $path/fstab
lxc.arch = $arch lxc.arch = $arch
lxc.cap.drop = sys_module mac_override mac_admin lxc.cap.drop = sys_module
lxc.cgroup.devices.deny = a lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero # /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm lxc.cgroup.devices.allow = c 1:5 rwm
......
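
Review bot: On the lxc.cap.drop line, removing mac_override and mac_admin leaves only sys_module dropped, and the commit message justifies that with AppArmor that "has/will have" namespace support, so on a host where that support is not yet present the container keeps both capabilities. Consider keeping the two drops until the namespaced AppArmor support is actually available, or add a comment next to the line naming the AppArmor support the template now relies on. For the added "c *:* m" and "b *:* m" rules, the comment "but not using the node" holds only because r and w are granted solely by the per-device entries that follow; the comment should say that, and should mention that mknod is allowed for udev upgrades, which at present only the commit message explains.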