gentoo: Add basic userns config

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

gentoo: Add basic userns config
705bfae0 · Stéphane Graber · 1609f0fb · 705bfae0 · 705bfae0 · 705bfae0
Commit 705bfae0 authored Jan 28, 2014 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 0 deletions

Makefile.am config/templates/Makefile.am +1 -0

gentoo.userns.conf.in config/templates/gentoo.userns.conf.in +16 -0

configure.ac configure.ac +1 -0

No files found.
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -9,6 +9,7 @@ templatesconfig_DATA = \
 	fedora.userns.conf \
 	gentoo.common.conf \
 	gentoo.moresecure.conf \
+	gentoo.userns.conf \
 	oracle.common.conf \
 	oracle.userns.conf \
 	plamo.common.conf \

--- a/config/templates/gentoo.userns.conf.in
+++ b/config/templates/gentoo.userns.conf.in
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
--- a/configure.ac
+++ b/configure.ac
@@ -570,6 +570,7 @@ AC_CONFIG_FILES([
 	config/templates/fedora.userns.conf
 	config/templates/gentoo.common.conf
 	config/templates/gentoo.moresecure.conf
+	config/templates/gentoo.userns.conf
 	config/templates/oracle.common.conf
 	config/templates/oracle.userns.conf
 	config/templates/plamo.common.conf