projects / lxc.git / blame
| Commit | Line | Data |
|---|---|---|
| f49c89ac WB |
1 | # This derives from the global common config |
| 2 | lxc.include = @LXCTEMPLATECONFIG@/common.conf | |
| 3 | ||
| 4 | # Default mount entries | |
| 5 | lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0 | |
| 6 | lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0 | |
| 7 | lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0 | |
| 8 | lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0 | |
| 9 | ||
| 10 | # When using LXC with apparmor, the container will be confined by default. | |
| 11 | # If you wish for it to instead run unconfined, copy the following line | |
| 12 | # (uncommented) to the container's configuration file. | |
| 13 | #lxc.apparmor.profile = unconfined | |
| 14 | ||
| 15 | # Uncomment the following line to autodetect squid-deb-proxy configuration on the | |
| 16 | # host and forward it to the guest at start time. | |
| 17 | #lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client | |
| 18 | ||
| 19 | # If you wish to allow mounting block filesystems, then use the following | |
| 20 | # line instead, and make sure to grant access to the block device and/or loop | |
| 21 | # devices below in lxc.cgroup.devices.allow. | |
| 22 | #lxc.apparmor.profile = lxc-container-default-with-mounting | |
| 23 | ||
| 24 | # Extra cgroup device access | |
| 25 | ## rtc | |
| 26 | lxc.cgroup.devices.allow = c 254:0 rm | |
| 27 | ## tun | |
| 28 | lxc.cgroup.devices.allow = c 10:200 rwm | |
| 29 | ## hpet | |
| 30 | lxc.cgroup.devices.allow = c 10:228 rwm | |
| 31 | ## kvm | |
| 32 | lxc.cgroup.devices.allow = c 10:232 rwm | |
| 33 | ## To use loop devices, copy the following line to the container's | |
| 34 | ## configuration file (uncommented). | |
| 35 | #lxc.cgroup.devices.allow = b 7:* rwm |