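# Default configuration for Sabayon containers
#
# NOTE(review): this file uses legacy LXC key names (lxc.cgroup.devices.*,
# lxc.seccomp). The lxc.cgroup.devices.* keys configure the cgroup v1 devices
# controller; on a cgroup v2 host confirm that the device allow-list below is
# really enforced (newer LXC releases use lxc.cgroup2.devices.* there).

# Setup the default mounts
# The ":mixed" variants keep the sensitive parts read-only inside the
# container (e.g. /proc/sys and /proc/sysrq-trigger, most of /sys) and limit
# cgroup writes to the container's own cgroup.
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed

# Allow for 1024 pseudo terminals
# Setup 1 tty devices for lxc-console command
# Needed for systemd distro
# Doesn't support consoles in /dev/lxc/
# NOTE(review): the directives that the four comments above describe are
# missing from this listing; take them from the upstream template rather than
# guessing their values.

# Device cgroup: deny every device first, then allow individual nodes.
# Entry format is "<type> <major>:<minor> <access>" where type is c (char) or
# b (block) and access is any of r (read), w (write), m (mknod).
lxc.cgroup.devices.deny = a

## Allow any mknod (but not reading/writing the node)
#lxc.cgroup.devices.allow = c *:* m
#lxc.cgroup.devices.allow = b *:* m

## Allow specific devices
## /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
## /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
## /dev/full
lxc.cgroup.devices.allow = c 1:7 rwm
## /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
## /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm

## Everything below is disabled by default. Each entry widens what container
## root can reach on the host kernel; enable one only in the configuration of
## the container that needs it, not in this shared file.
## /dev/pts/*
#lxc.cgroup.devices.allow = c 136:* rwm
## /dev/tty
#lxc.cgroup.devices.allow = c 5:0 rwm
## /dev/console
#lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/ptmx
#lxc.cgroup.devices.allow = c 5:2 rwm
## /dev/fuse
#lxc.cgroup.devices.allow = c 10:229 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
## presumably the RTC; major 254 is dynamically assigned, verify on the host
#lxc.cgroup.devices.allow = c 254:0 rm
## /dev/net/tun
#lxc.cgroup.devices.allow = c 10:200 rwm
## /dev/hpet
#lxc.cgroup.devices.allow = c 10:228 rwm
## /dev/kvm
#lxc.cgroup.devices.allow = c 10:232 rwm
## /dev/mem (host physical memory; leave disabled, access to it defeats the
## isolation this file sets up)
#lxc.cgroup.devices.allow = c 1:1 rwm

# If something doesn't work, try to comment this out.
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks.
#
# As shipped, sys_admin is NOT dropped (the line is commented out below), so
# container root keeps CAP_SYS_ADMIN. The device allow-list and the seccomp
# profile are then the main restrictions left; do not loosen them casually.
# The capabilities that are dropped cover setting the system clock, loading
# kernel modules, raw I/O access and changing or overriding MAC policy.
lxc.cap.drop = sys_time sys_module sys_rawio mac_admin mac_override
#lxc.cap.drop = sys_admin

# /dev/shm needs to be mounted as tmpfs. It's needed by python (bug #496328)
# and possibly other packages.
# nosuid,nodev stop setuid binaries and device nodes from being used from
# this world-writable mount.
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir

# Blacklist some syscalls which are not safe in privileged containers
# @LXCTEMPLATECONFIG@ is a placeholder, presumably substituted when the
# template is installed. If the resulting path does not exist the container
# should fail to start rather than run unfiltered; verify this on the LXC
# version in use. NOTE(review): newer LXC releases call this key
# lxc.seccomp.profile.
lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp

# Customize lxc options through common directory
# Files picked up from this directory are merged after the settings above and
# can add device allows or further mounts, so keep the directory and its
# contents owned by root and not writable by anyone else.
lxc.include = @LXCTEMPLATECONFIG@/common.conf.d/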