]>
Commit | Line | Data |
---|---|---|
6515faa1 JJ |
1 | # This derives from the global common config. |
2 | lxc.include = @LXCTEMPLATECONFIG@/common.conf | |
3 | ||
4 | # Doesn't support consoles in /dev/lxc/. | |
42e53c29 | 5 | lxc.tty.dir = |
6515faa1 JJ |
6 | |
7 | # Drop another (potentially) harmful capabilities. | |
8 | lxc.cap.drop = audit_write | |
9 | lxc.cap.drop = ipc_owner | |
10 | lxc.cap.drop = mknod | |
6515faa1 JJ |
11 | lxc.cap.drop = setpcap |
12 | lxc.cap.drop = sys_nice | |
13 | lxc.cap.drop = sys_pacct | |
14 | lxc.cap.drop = sys_ptrace | |
15 | lxc.cap.drop = sys_rawio | |
16 | lxc.cap.drop = sys_resource | |
17 | lxc.cap.drop = sys_tty_config | |
18 | lxc.cap.drop = syslog | |
19 | lxc.cap.drop = wake_alarm | |
b5caaaa5 | 20 | |
48938fe7 | 21 | # Mount /run as tmpfs. |
b5caaaa5 | 22 | lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0 |
48938fe7 JJ |
23 | |
24 | # Mount /dev/shm as tmpfs; needed for building python and possibly other packages. | |
25 | lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0 |