Commit | Line | Data |
---|---|---|
8a67a2b2 | 1 | <!-- |
2 | ||
3 | lxc: linux Container library | |
4 | ||
5 | (C) Copyright IBM Corp. 2007, 2008 | |
6 | ||
7 | Authors: | |
8 | Daniel Lezcano <dlezcano at fr.ibm.com> | |
9 | ||
10 | This library is free software; you can redistribute it and/or | |
11 | modify it under the terms of the GNU Lesser General Public | |
12 | License as published by the Free Software Foundation; either | |
13 | version 2.1 of the License, or (at your option) any later version. | |
14 | ||
15 | This library is distributed in the hope that it will be useful, | |
16 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public | |
21 | License along with this library; if not, write to the Free Software | |
22 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
23 | ||
24 | --> | |
25 | ||
99e4008c MN |
26 | <!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [ |
27 | ||
28 | <!ENTITY seealso SYSTEM "@builddir@/see_also.sgml"> | |
29 | ]> | |
8a67a2b2 | 30 | |
31 | <refentry> | |
32 | ||
33 | <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo> | |
34 | ||
35 | <refmeta> | |
36 | <refentrytitle>lxc.conf</refentrytitle> | |
37 | <manvolnum>5</manvolnum> | |
38 | </refmeta> | |
39 | ||
40 | <refnamediv> | |
41 | <refname>lxc.conf</refname> | |
42 | ||
43 | <refpurpose> | |
44 | linux container configuration file | |
45 | </refpurpose> | |
46 | </refnamediv> | |
47 | ||
48 | <refsect1> | |
49 | <title>Description</title> | |
50 | ||
51 | <para> | |
52 | The linux containers (<command>lxc</command>) are always created | |
53 | before being used. This creation defines a set of system | |
54 | resources to be virtualized / isolated when a process is using | |
55 | the container. By default, the pids, sysv ipc and mount points | |
56 | are virtualized and isolated. The other system resources are | |
57 | shared across containers, until they are explicitly defined in | |
58 | the configuration file. For example, if there is no network | |
59 | configuration, the network will be shared between the creator of | |
60 | the container and the container itself, but if the network is | |
61 | specified, a new network stack is created for the container and | |
62 | the container can no longer use the network of its ancestor. | |
63 | </para> | |
64 | ||
65 | <para> | |
66 | The configuration file defines the different system resources to | |
67 | be assigned for the container. At present, the utsname, the | |
68 | network, the mount points, the root file system and the control | |
69 | groups are supported. | |
70 | </para> | |
71 | ||
72 | <para> | |
73 | Each option in the configuration file has the form <command>key | |
23a92fad | 74 | = value</command> fitting in one line. The '#' character means |
8a67a2b2 | 75 | the line is a comment. |
76 | </para> | |
77 | ||
78 | <refsect2> | |
79 | <title>Hostname</title> | |
80 | <para> | |
81 | The utsname section defines the hostname to be set for the | |
82 | container. That means the container can set its own hostname | |
83 | without changing the one from the system. That makes the | |
84 | hostname private for the container. | |
85 | </para> | |
86 | <variablelist> | |
87 | <varlistentry> | |
88 | <term> | |
89 | <option>lxc.utsname</option> | |
90 | </term> | |
91 | <listitem> | |
92 | <para> | |
93 | specify the hostname for the container | |
94 | </para> | |
95 | </listitem> | |
96 | </varlistentry> | |
97 | </variablelist> | |
98 | </refsect2> | |
99 | ||
100 | <refsect2> | |
101 | <title>Network</title> | |
102 | <para> | |
103 | The network section defines how the network is virtualized in | |
23a92fad PF |
104 | the container. The network virtualization acts at layer |
105 | two. In order to use the network virtualization, parameters | |
106 | must be specified to define the network interfaces of the | |
107 | container. Several virtual interfaces can be assigned and used | |
108 | in a container even if the system has only one physical | |
8a67a2b2 | 109 | network interface. |
110 | </para> | |
111 | <variablelist> | |
112 | <varlistentry> | |
113 | <term> | |
114 | <option>lxc.network.type</option> | |
115 | </term> | |
116 | <listitem> | |
117 | <para> | |
118 | specify what kind of network virtualization to be used | |
119 | for the container. Each time | |
120 | a <option>lxc.network.type</option> field is found a new | |
23a92fad PF |
121 | round of network configuration begins. In this way, |
122 | several network virtualization types can be specified | |
123 | for the same container, as well as assigning several | |
124 | network interfaces for one container. The different | |
8a67a2b2 | 125 | virtualization types can be: |
126 | </para> | |
127 | ||
128 | <para> | |
23a92fad | 129 | <option>empty:</option> will create only the loopback |
8a67a2b2 | 130 | interface. |
131 | </para> | |
132 | ||
133 | <para> | |
23a92fad PF |
134 | <option>veth:</option> a peer network device is created |
135 | with one side assigned to the container and the other | |
136 | side is attached to a bridge specified by | |
137 | the <option>lxc.network.link</option>. If the bridge is | |
138 | not specified, then the veth pair device will be created | |
139 | but not attached to any bridge. Otherwise, the bridge | |
140 | has to be set up beforehand on the | |
141 | system; <command>lxc</command> won't handle any | |
142 | configuration outside of the container. By | |
e892973e DL |
143 | default <command>lxc</command> chooses a name for the |
144 | network device belonging to the outside of the | |
145 | container, this name is handled | |
146 | by <command>lxc</command>, but if you wish to handle | |
147 | this name yourself, you can tell <command>lxc</command> | |
148 | to set a specific name with | |
149 | the <option>lxc.network.veth.pair</option> option. | |
150 | </para> | |
151 | ||
152 | <para> | |
23a92fad PF |
153 | <option>vlan:</option> a vlan interface is linked with |
154 | the interface specified by | |
e892973e DL |
155 | the <option>lxc.network.link</option> and assigned to |
156 | the container. The vlan identifier is specified with the | |
157 | option <option>lxc.network.vlan.id</option>. | |
8a67a2b2 | 158 | </para> |
159 | ||
160 | <para> | |
23a92fad PF |
161 | <option>macvlan:</option> a macvlan interface is linked |
162 | with the interface specified by | |
8a67a2b2 | 163 | the <option>lxc.network.link</option> and assigned to |
164 | the container. | |
e892973e DL |
165 | <option>lxc.network.macvlan.mode</option> specifies the |
166 | mode the macvlan will use to communicate between | |
167 | different macvlan on the same upper device. The accepted | |
168 | modes are <option>private</option>, the device never | |
169 | communicates with any other device on the same upper_dev (default), | |
170 | <option>vepa</option>, the new Virtual Ethernet Port | |
171 | Aggregator (VEPA) mode, it assumes that the adjacent | |
172 | bridge returns all frames where both source and | |
173 | destination are local to the macvlan port, i.e. the | |
174 | bridge is set up as a reflective relay. Broadcast | |
175 | frames coming in from the upper_dev get flooded to all | |
176 | macvlan interfaces in VEPA mode, local frames are not | |
177 | delivered locally, or <option>bridge</option>, it | |
178 | provides the behavior of a simple bridge between | |
179 | different macvlan interfaces on the same port. Frames | |
180 | from one interface to another one get delivered directly | |
181 | and are not sent out externally. Broadcast frames get | |
182 | flooded to all other bridge ports and to the external | |
183 | interface, but when they come back from a reflective | |
184 | relay, we don't deliver them again. Since we know all | |
185 | the MAC addresses, the macvlan bridge mode does not | |
186 | require learning or STP like the bridge module does. | |
8a67a2b2 | 187 | </para> |
188 | ||
189 | <para> | |
23a92fad PF |
190 | <option>phys:</option> an already existing interface |
191 | specified by the <option>lxc.network.link</option> is | |
192 | assigned to the container. | |
8a67a2b2 | 193 | </para> |
194 | </listitem> | |
195 | </varlistentry> | |
196 | ||
197 | <varlistentry> | |
198 | <term> | |
199 | <option>lxc.network.flags</option> | |
200 | </term> | |
201 | <listitem> | |
202 | <para> | |
203 | specify an action to do for the | |
204 | network. | |
205 | </para> | |
206 | ||
207 | <para><option>up:</option> activates the interface. | |
208 | </para> | |
209 | </listitem> | |
210 | </varlistentry> | |
211 | ||
212 | <varlistentry> | |
213 | <term> | |
214 | <option>lxc.network.link</option> | |
215 | </term> | |
216 | <listitem> | |
217 | <para> | |
218 | specify the interface to be used for real network | |
219 | traffic. | |
220 | </para> | |
221 | </listitem> | |
222 | </varlistentry> | |
223 | ||
224 | <varlistentry> | |
225 | <term> | |
226 | <option>lxc.network.name</option> | |
227 | </term> | |
228 | <listitem> | |
229 | <para> | |
23a92fad PF |
230 | the interface name is dynamically allocated, but if |
231 | another name is needed because the configuration files | |
8a67a2b2 | 232 | being used by the container use a generic name, |
233 | eg. eth0, this option will rename the interface in the | |
234 | container. | |
235 | </para> | |
236 | </listitem> | |
237 | </varlistentry> | |
238 | ||
239 | <varlistentry> | |
240 | <term> | |
241 | <option>lxc.network.hwaddr</option> | |
242 | </term> | |
243 | <listitem> | |
244 | <para> | |
245 | the interface mac address is dynamically allocated by | |
23a92fad PF |
246 | default to the virtual interface, but in some cases, |
247 | this is needed to resolve a mac address conflict or to | |
248 | always have the same link-local ipv6 address | |
8a67a2b2 | 249 | </para> |
250 | </listitem> | |
251 | </varlistentry> | |
252 | ||
253 | <varlistentry> | |
254 | <term> | |
255 | <option>lxc.network.ipv4</option> | |
256 | </term> | |
257 | <listitem> | |
258 | <para> | |
259 | specify the ipv4 address to assign to the virtualized | |
260 | interface. Several lines specify several ipv4 addresses. | |
261 | The address is in format x.y.z.t/m, | |
262 | eg. 192.168.1.123/24. | |
263 | </para> | |
264 | </listitem> | |
265 | </varlistentry> | |
266 | ||
267 | <varlistentry> | |
268 | <term> | |
269 | <option>lxc.network.ipv6</option> | |
270 | </term> | |
271 | <listitem> | |
272 | <para> | |
273 | specify the ipv6 address to assign to the virtualized | |
274 | interface. Several lines specify several ipv6 addresses. | |
275 | The address is in format x::y/m, | |
276 | eg. 2003:db8:1:0:214:1234:fe0b:3596/64 | |
277 | </para> | |
278 | </listitem> | |
279 | </varlistentry> | |
280 | ||
281 | </variablelist> | |
282 | ||
283 | </refsect2> | |
284 | ||
341a091c | 285 | <refsect2> |
286 | <title>New pseudo tty instance (devpts)</title> | |
287 | <para> | |
288 | For stricter isolation the container can have its own private | |
289 | instance of the pseudo tty. | |
290 | </para> | |
291 | <variablelist> | |
292 | <varlistentry> | |
293 | <term> | |
294 | <option>lxc.pts</option> | |
295 | </term> | |
296 | <listitem> | |
297 | <para> | |
9f78081a | 298 | If set, the container will have a new pseudo tty |
299 | instance, making this private to it. The value specifies | |
300 | the maximum number of pseudo ttys allowed for a pts | |
301 | instance (this limitation is not implemented yet). | |
341a091c | 302 | </para> |
303 | </listitem> | |
304 | </varlistentry> | |
305 | </variablelist> | |
306 | </refsect2> | |
307 | ||
b0a33c1e | 308 | <refsect2> |
309 | <title>Console through the ttys</title> | |
310 | <para> | |
311 | If the container is configured with a root filesystem and the | |
312 | inittab file is set up to launch a getty on the ttys, this | |
313 | option will specify the number of ttys to be available for the | |
314 | container. The number of getty in the inittab file of the | |
23a92fad PF |
315 | container should not be greater than the number of ttys |
316 | specified in this configuration file, otherwise the excess | |
317 | getty sessions will die and respawn indefinitely giving | |
318 | annoying messages on the console. | |
b0a33c1e | 319 | </para> |
320 | <variablelist> | |
321 | <varlistentry> | |
322 | <term> | |
323 | <option>lxc.tty</option> | |
324 | </term> | |
325 | <listitem> | |
326 | <para> | |
327 | Specify the number of tty to make available to the | |
328 | container. | |
329 | </para> | |
330 | </listitem> | |
331 | </varlistentry> | |
332 | </variablelist> | |
333 | </refsect2> | |
334 | ||
8a67a2b2 | 335 | <refsect2> |
336 | <title>Mount points</title> | |
337 | <para> | |
338 | The mount points section specifies the different places to be | |
339 | mounted. These mount points will be private to the container | |
340 | and won't be visible by the processes running outside of the | |
341 | container. This is useful to mount /etc, /var or /home for | |
342 | example. | |
343 | </para> | |
344 | <variablelist> | |
345 | <varlistentry> | |
346 | <term> | |
347 | <option>lxc.mount</option> | |
348 | </term> | |
349 | <listitem> | |
350 | <para> | |
351 | specify a file location in | |
352 | the <filename>fstab</filename> format, containing the | |
353 | mount information. | |
354 | </para> | |
355 | </listitem> | |
356 | </varlistentry> | |
0f71d073 DL |
357 | |
358 | <varlistentry> | |
359 | <term> | |
360 | <option>lxc.mount.entry</option> | |
361 | </term> | |
362 | <listitem> | |
363 | <para> | |
364 | specify a mount point corresponding to a line in the | |
365 | fstab format. | |
366 | </para> | |
367 | </listitem> | |
368 | </varlistentry> | |
369 | ||
8a67a2b2 | 370 | </variablelist> |
371 | </refsect2> | |
372 | ||
373 | <refsect2> | |
374 | <title>Root file system</title> | |
375 | <para> | |
376 | The root file system is the location where the container will | |
377 | chroot. | |
378 | </para> | |
379 | <variablelist> | |
380 | <varlistentry> | |
381 | <term> | |
382 | <option>lxc.rootfs</option> | |
383 | </term> | |
384 | <listitem> | |
385 | <para> | |
386 | specify a file location containing the new file tree for | |
387 | a root file system. | |
388 | </para> | |
389 | </listitem> | |
390 | </varlistentry> | |
391 | </variablelist> | |
392 | </refsect2> | |
393 | ||
394 | <refsect2> | |
395 | <title>Control group</title> | |
396 | <para> | |
397 | The control group section contains the configuration for the | |
398 | different subsystems. <command>lxc</command> does not check the | |
23a92fad PF |
399 | correctness of the subsystem name. This has the disadvantage |
400 | of not detecting configuration errors until the container is | |
401 | started, but has the advantage of permitting any future | |
402 | subsystem. | |
8a67a2b2 | 403 | </para> |
404 | <variablelist> | |
405 | <varlistentry> | |
406 | <term> | |
998dc19a | 407 | <option>lxc.cgroup.[subsystem name]</option> |
8a67a2b2 | 408 | </term> |
409 | <listitem> | |
410 | <para> | |
23a92fad PF |
411 | specify the control group value to be set. The |
412 | subsystem name is the literal name of the control group | |
413 | subsystem. The permitted names and the syntax of their | |
414 | values are not dictated by LXC; instead they depend on the | |
415 | features of the Linux kernel running at the time the | |
416 | container is started, | |
8a67a2b2 | 417 | eg. <option>lxc.cgroup.cpuset.cpus</option> |
418 | </para> | |
419 | </listitem> | |
420 | </varlistentry> | |
421 | </variablelist> | |
422 | </refsect2> | |
423 | ||
81810dd1 DL |
424 | <refsect2> |
425 | <title>Capabilities</title> | |
426 | <para> | |
427 | Capabilities can be dropped in the container if it | |
428 | is run as root. | |
429 | </para> | |
430 | <variablelist> | |
431 | <varlistentry> | |
432 | <term> | |
433 | <option>lxc.cap.drop</option> | |
434 | </term> | |
435 | <listitem> | |
436 | <para> | |
437 | Specify the capability to be dropped in the | |
438 | container. The format is the lower case of the | |
439 | capability definition without the "CAP_" prefix, | |
440 | eg. CAP_SYS_MODULE should be specified as | |
441 | sys_module. See | |
442 | <citerefentry> | |
443 | <refentrytitle><command>capabilities</command></refentrytitle> | |
444 | <manvolnum>7</manvolnum> | |
445 | </citerefentry>. A single line defining | |
446 | several capabilities with a space separation is | |
447 | allowed. | |
448 | </para> | |
449 | </listitem> | |
450 | </varlistentry> | |
451 | </variablelist> | |
452 | </refsect2> | |
453 | ||
8a67a2b2 | 454 | </refsect1> |
455 | ||
456 | <refsect1> | |
457 | <title>Examples</title> | |
458 | <refsect2> | |
459 | <title>Network</title> | |
460 | <para>This configuration sets up a container to use a veth pair | |
461 | device with one side plugged to a bridge br0 (which has been | |
462 | configured before on the system by the administrator). The | |
463 | virtual network device visible in the container is renamed to | |
464 | eth0.</para> | |
465 | ||
466 | <variablelist> | |
467 | ||
468 | <varlistentry> | |
469 | <term>lxc.utsname = myhostname</term> | |
470 | <listitem><para></para></listitem> | |
471 | </varlistentry> | |
472 | ||
473 | <varlistentry> | |
474 | <term>lxc.network.type = veth</term> | |
475 | <listitem><para></para></listitem> | |
476 | </varlistentry> | |
477 | ||
478 | <varlistentry> | |
479 | <term>lxc.network.flags = up</term> | |
480 | <listitem><para></para></listitem> | |
481 | </varlistentry> | |
482 | ||
483 | <varlistentry> | |
484 | <term>lxc.network.link = br0</term> | |
485 | <listitem><para></para></listitem> | |
486 | </varlistentry> | |
487 | ||
488 | <varlistentry> | |
489 | <term>lxc.network.name = eth0</term> | |
490 | <listitem><para></para></listitem> | |
491 | </varlistentry> | |
492 | ||
493 | <varlistentry> | |
494 | <term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term> | |
495 | <listitem><para></para></listitem> | |
496 | </varlistentry> | |
497 | ||
498 | <varlistentry> | |
499 | <term>lxc.network.ipv4 = 1.2.3.5/24</term> | |
500 | <listitem><para></para></listitem> | |
501 | </varlistentry> | |
502 | ||
503 | <varlistentry> | |
504 | <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term> | |
505 | <listitem><para></para></listitem> | |
506 | </varlistentry> | |
507 | ||
508 | </variablelist> | |
509 | ||
510 | </refsect2> | |
511 | ||
512 | <refsect2> | |
513 | <title>Control group</title> | |
514 | <para>This configuration will set up several control groups for | |
515 | the application: cpuset.cpus restricts usage to the defined cpus, | |
516 | cpu.shares prioritizes the control group, devices.allow makes | |
517 | the specified devices usable.</para> | |
518 | ||
519 | <variablelist> | |
520 | <varlistentry> | |
521 | <term>lxc.cgroup.cpuset.cpus = 0,1</term> | |
522 | <listitem><para></para></listitem> | |
523 | </varlistentry> | |
524 | ||
525 | <varlistentry> | |
526 | <term>lxc.cgroup.cpu.shares = 1234</term> | |
527 | <listitem><para></para></listitem> | |
528 | </varlistentry> | |
529 | ||
530 | <varlistentry> | |
531 | <term>lxc.cgroup.devices.deny = a</term> | |
532 | <listitem><para></para></listitem> | |
533 | </varlistentry> | |
534 | ||
535 | <varlistentry> | |
536 | <term>lxc.cgroup.devices.allow = c 1:3 rw</term> | |
537 | <listitem><para></para></listitem> | |
538 | </varlistentry> | |
539 | ||
540 | <varlistentry> | |
541 | <term>lxc.cgroup.devices.allow = b 8:0 rw</term> | |
542 | <listitem><para></para></listitem> | |
543 | </varlistentry> | |
544 | </variablelist> | |
545 | ||
546 | </refsect2> | |
547 | ||
548 | <refsect2> | |
549 | <title>Complex configuration</title> | |
550 | <para>This example shows a complex configuration making a complex | |
551 | network stack, using the control groups, setting a new hostname, | |
552 | mounting some locations and changing the root file | |
553 | system.</para> | |
554 | ||
555 | <variablelist> | |
556 | <varlistentry> | |
557 | <term>lxc.utsname = complex</term> | |
558 | <listitem><para></para></listitem> | |
559 | </varlistentry> | |
560 | <varlistentry> | |
561 | <term>lxc.network.type = veth</term> | |
562 | <listitem><para></para></listitem> | |
563 | </varlistentry> | |
564 | <varlistentry> | |
565 | <term>lxc.network.flags = up</term> | |
566 | <listitem><para></para></listitem> | |
567 | </varlistentry> | |
568 | <varlistentry> | |
569 | <term>lxc.network.link = br0</term> | |
570 | <listitem><para></para></listitem> | |
571 | </varlistentry> | |
572 | <varlistentry> | |
573 | <term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term> | |
574 | <listitem><para></para></listitem> | |
575 | </varlistentry> | |
576 | <varlistentry> | |
577 | <term>lxc.network.ipv4 = 1.2.3.5/24</term> | |
578 | <listitem><para></para></listitem> | |
579 | </varlistentry> | |
580 | <varlistentry> | |
581 | <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term> | |
582 | <listitem><para></para></listitem> | |
583 | </varlistentry> | |
584 | <varlistentry> | |
585 | <term>lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588</term> | |
586 | <listitem><para></para></listitem> | |
587 | </varlistentry> | |
588 | <varlistentry> | |
589 | <term>lxc.network.type = macvlan</term> | |
590 | <listitem><para></para></listitem> | |
591 | </varlistentry> | |
592 | <varlistentry> | |
593 | <term>lxc.network.flags = up</term> | |
594 | <listitem><para></para></listitem> | |
595 | </varlistentry> | |
596 | <varlistentry> | |
597 | <term>lxc.network.link = eth0</term> | |
598 | <listitem><para></para></listitem> | |
599 | </varlistentry> | |
600 | <varlistentry> | |
601 | <term>lxc.network.hwaddr = 4a:49:43:49:79:bd</term> | |
602 | <listitem><para></para></listitem> | |
603 | </varlistentry> | |
604 | <varlistentry> | |
605 | <term>lxc.network.ipv4 = 1.2.3.4/24</term> | |
606 | <listitem><para></para></listitem> | |
607 | </varlistentry> | |
608 | <varlistentry> | |
609 | <term>lxc.network.ipv4 = 192.168.10.125/24</term> | |
610 | <listitem><para></para></listitem> | |
611 | </varlistentry> | |
612 | <varlistentry> | |
613 | <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596</term> | |
614 | <listitem><para></para></listitem> | |
615 | </varlistentry> | |
616 | <varlistentry> | |
617 | <term>lxc.network.type = phys</term> | |
618 | <listitem><para></para></listitem> | |
619 | </varlistentry> | |
620 | <varlistentry> | |
621 | <term>lxc.network.flags = up</term> | |
622 | <listitem><para></para></listitem> | |
623 | </varlistentry> | |
624 | <varlistentry> | |
625 | <term>lxc.network.link = dummy0</term> | |
626 | <listitem><para></para></listitem> | |
627 | </varlistentry> | |
628 | <varlistentry> | |
629 | <term>lxc.network.hwaddr = 4a:49:43:49:79:ff</term> | |
630 | <listitem><para></para></listitem> | |
631 | </varlistentry> | |
632 | <varlistentry> | |
633 | <term>lxc.network.ipv4 = 1.2.3.6/24</term> | |
634 | <listitem><para></para></listitem> | |
635 | </varlistentry> | |
636 | <varlistentry> | |
637 | <term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297</term> | |
638 | <listitem><para></para></listitem> | |
639 | </varlistentry> | |
640 | <varlistentry> | |
641 | <term>lxc.cgroup.cpuset.cpus = 0,1</term> | |
642 | <listitem><para></para></listitem> | |
643 | </varlistentry> | |
644 | <varlistentry> | |
645 | <term>lxc.cgroup.cpu.shares = 1234</term> | |
646 | <listitem><para></para></listitem> | |
647 | </varlistentry> | |
648 | <varlistentry> | |
649 | <term>lxc.cgroup.devices.deny = a</term> | |
650 | <listitem><para></para></listitem> | |
651 | </varlistentry> | |
652 | <varlistentry> | |
653 | <term>lxc.cgroup.devices.allow = c 1:3 rw</term> | |
654 | <listitem><para></para></listitem> | |
655 | </varlistentry> | |
656 | <varlistentry> | |
657 | <term>lxc.cgroup.devices.allow = b 8:0 rw</term> | |
658 | <listitem><para></para></listitem> | |
659 | </varlistentry> | |
660 | <varlistentry> | |
661 | <term>lxc.mount = /etc/fstab.complex</term> | |
662 | <listitem><para></para></listitem> | |
663 | </varlistentry> | |
0f71d073 DL |
664 | <varlistentry> |
665 | <term>lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0</term> | |
666 | <listitem><para></para></listitem> | |
667 | </varlistentry> | |
8a67a2b2 | 668 | <varlistentry> |
669 | <term>lxc.rootfs = /mnt/rootfs.complex</term> | |
670 | <listitem><para></para></listitem> | |
671 | </varlistentry> | |
81810dd1 DL |
672 | <varlistentry> |
673 | <term>lxc.cap.drop = sys_module mknod setuid net_raw</term> | |
674 | <listitem><para></para></listitem> | |
675 | </varlistentry> | |
676 | <varlistentry> | |
677 | <term>lxc.cap.drop = mac_override</term> | |
678 | <listitem><para></para></listitem> | |
679 | </varlistentry> | |
8a67a2b2 | 680 | </variablelist> |
681 | </refsect2> | |
682 | ||
683 | </refsect1> | |
684 | ||
685 | <refsect1> | |
686 | <title>See Also</title> | |
687 | <simpara> | |
8a67a2b2 | 688 | <citerefentry> |
689 | <refentrytitle><command>chroot</command></refentrytitle> | |
690 | <manvolnum>1</manvolnum> | |
691 | </citerefentry>, | |
692 | ||
693 | <citerefentry> | |
694 | <refentrytitle><command>pivot_root</command></refentrytitle> | |
695 | <manvolnum>8</manvolnum> | |
696 | </citerefentry>, | |
697 | ||
698 | <citerefentry> | |
699 | <refentrytitle><filename>fstab</filename></refentrytitle> | |
700 | <manvolnum>5</manvolnum> | |
701 | </citerefentry> | |
702 | ||
703 | </simpara> | |
704 | </refsect1> | |
705 | ||
99e4008c MN |
706 | &seealso; |
707 | ||
8a67a2b2 | 708 | <refsect1> |
709 | <title>Author</title> | |
710 | <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para> | |
711 | </refsect1> | |
712 | ||
713 | </refentry> | |
714 | ||
715 | <!-- Keep this comment at the end of the file | |
716 | Local variables: | |
717 | mode: sgml | |
718 | sgml-omittag:t | |
719 | sgml-shorttag:t | |
720 | sgml-minimize-attributes:nil | |
721 | sgml-always-quote-attributes:t | |
722 | sgml-indent-step:2 | |
723 | sgml-indent-data:t | |
724 | sgml-parent-document:nil | |
725 | sgml-default-dtd-file:nil | |
726 | sgml-exposed-tags:nil | |
727 | sgml-local-catalogs:nil | |
728 | sgml-local-ecat-files:nil | |
729 | End: | |
730 | --> |
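
The defaults stated in the Description section (network shared unless configured, a new network round per lxc.network.type, repeatable lxc.cap.drop lines) can be checked mechanically. The following Python audit is an added example, not part of the lxc sources; the function names, finding texts and both sample configurations are constructed, and the devices.deny check assumes the deny-all-then-allow pattern used in the page's control group example.

```python
NETWORK_TYPES = {"empty", "veth", "vlan", "macvlan", "phys"}  # types the page lists
USES_LINK = {"vlan", "macvlan", "phys"}  # described as tied to lxc.network.link


def parse(text):
    """Return (settings, networks, errors) for the text of an lxc.conf.

    settings maps key -> list of values (keys such as lxc.cap.drop may repeat);
    networks holds one dict per lxc.network.type line with that round's keys.
    """
    settings, networks, errors = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' marks a comment line
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key:
            errors.append(f"line {lineno}: not in 'key = value' form")
        elif key == "lxc.network.type":
            networks.append({"type": value})  # a new round of network config
        elif key.startswith("lxc.network."):
            if networks:
                name = key[len("lxc.network."):]
                networks[-1].setdefault(name, []).append(value)
            else:
                errors.append(f"line {lineno}: {key} before any lxc.network.type")
        else:
            settings.setdefault(key, []).append(value)
    return settings, networks, errors


def dropped_caps(settings):
    """Union of all capabilities named on lxc.cap.drop lines (space separated)."""
    return {cap for value in settings.get("lxc.cap.drop", []) for cap in value.split()}


def audit(text):
    """List parse errors and isolation gaps, using only defaults the page states."""
    settings, networks, findings = parse(text)
    if not networks:
        findings.append("no lxc.network.type: network is shared with the creator")
    for n, net in enumerate(networks, 1):
        kind = net["type"]
        if kind not in NETWORK_TYPES:
            findings.append(f"network {n}: unknown type {kind!r}")
        elif kind in USES_LINK and "link" not in net:
            findings.append(f"network {n}: {kind} without lxc.network.link")
        elif kind == "veth" and "link" not in net:
            findings.append(f"network {n}: veth pair not attached to any bridge")
        if kind == "vlan" and "vlan.id" not in net:
            findings.append(f"network {n}: vlan without lxc.network.vlan.id")
    if not dropped_caps(settings):
        findings.append("no lxc.cap.drop: no capability is dropped")
    if "lxc.pts" not in settings:
        findings.append("no lxc.pts: no private pseudo tty instance")
    if "a" not in settings.get("lxc.cgroup.devices.deny", []):
        findings.append("no lxc.cgroup.devices.deny = a: devices not denied by default")
    return findings


# Constructed sample: a subset of the page's complex example plus lxc.pts.
HARDENED = """\
lxc.utsname = complex
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.type = macvlan
lxc.network.link = eth0
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.pts = 1024
lxc.cap.drop = sys_module mknod setuid net_raw
lxc.cap.drop = mac_override
"""

# Constructed sample with an orphan network key, a malformed line and no hardening.
WEAK = """\
# constructed weak sample
lxc.utsname = demo
lxc.network.ipv4 = 1.2.3.5/24
lxc.network.type = veth
lxc.network.flags = up
bogus line
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```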