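# Alpine-specific LXC settings. This derives from the global common config.
# NOTE(review): this listing carried line-number residue with gaps (original
# lines 5, 10 and 18 are not shown), so check the complete file before
# treating what follows as the whole policy.
lxc.include = @LXCTEMPLATECONFIG@/common.conf

# Doesn't support consoles in /dev/lxc/.
# NOTE(review): the setting this comment introduces is not visible in this listing.

# Drop other (potentially) harmful capabilities.
# Each lxc.cap.drop line adds to the drop list, on top of anything the
# included common.conf already drops. Dropping capabilities matters most for
# privileged containers, where container root is host root.
# audit_write: write records to the kernel audit log.
lxc.cap.drop = audit_write
# ipc_owner: bypass permission checks on System V IPC objects.
lxc.cap.drop = ipc_owner
# setpcap: change process capability sets and securebits.
lxc.cap.drop = setpcap
# sys_nice: raise priority or change scheduling of arbitrary processes.
lxc.cap.drop = sys_nice
# sys_pacct: switch process accounting on or off via acct(2).
lxc.cap.drop = sys_pacct
# sys_ptrace: trace and inspect the memory of arbitrary processes.
lxc.cap.drop = sys_ptrace
# sys_rawio: raw I/O port access (iopl/ioperm) and similar low-level device access.
lxc.cap.drop = sys_rawio
# sys_resource: override resource limits and quotas.
lxc.cap.drop = sys_resource
# sys_tty_config: vhangup(2) and privileged ioctls on virtual terminals.
lxc.cap.drop = sys_tty_config
# wake_alarm: arm timers that can wake the system from suspend.
lxc.cap.drop = wake_alarm

# Mount /run as tmpfs.
# NOTE(review): unlike /dev/shm below, this entry sets neither nosuid nor
# noexec; consider adding nosuid if nothing in the container relies on setuid
# binaries under /run. No size= is given either, so the tmpfs is bounded only
# by the kernel default and any memory cgroup limit on the container.
lxc.mount.entry = run run tmpfs rw,nodev,relatime,mode=755 0 0

# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
# World-writable with the sticky bit (mode=1777); nodev,noexec,nosuid keep it
# from holding device nodes, executables or setuid files. create=dir makes LXC
# create the mount point if it is missing.
lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0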