# config/templates/ubuntu.common.conf.in
# Common LXC settings for Ubuntu containers. One "key = value" per line;
# lxc.mount.entry and lxc.cgroup.devices.allow are repeated, one entry per
# line.

# Default pivot location
# Directory, relative to the container rootfs, used as the put_old target
# when LXC pivots into the container root.
lxc.pivotdir = lxc_putold

# Default mount entries
# Each value is an fstab-style line. A target without a leading "/" is
# relative to the container rootfs. "optional" means a failed mount does not
# abort container start.
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# The next four entries bind host paths into the container.
# NOTE(review): /sys/kernel/debug (debugfs) and /sys/kernel/security
# (securityfs) expose host kernel state. What the container can do with them
# depends on the confinement applied to it (AppArmor profile, dropped
# capabilities); re-check these binds before running a container unconfined.
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0

# Default console settings
# lxc.devttydir: directory under the container's /dev in which LXC creates
#                the console devices.
# lxc.tty:       number of ttys made available to the container.
# lxc.pts:       requests a private devpts instance; the value is the
#                intended maximum number of ptys (presumably advisory --
#                confirm against the LXC version in use).
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024

# Default capabilities
# Capabilities removed from the container:
#   sys_module   - load and unload kernel modules
#   mac_admin    - change MAC (LSM) configuration or state
#   mac_override - override MAC policy
#   sys_time     - set the system clock
# NOTE(review): this file drops nothing else, so a container configured only
# from it keeps every other capability (sys_admin included). The AppArmor
# confinement described below then carries much of the isolation.
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
# Unconfined removes AppArmor mediation from the container; the capability
# and device settings in this file are then the remaining restrictions.
#lxc.aa_profile = unconfined

# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups

# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting

# Default cgroup limits
# Device access is deny-by-default: "a" denies every device, then each allow
# line re-admits one.
# Entry format: <type> <major>:<minor> <access>
#   type   c = character device, b = block device
#   access r = read, w = write, m = mknod
# The allow lines are expected to be applied after the deny; keep this order.
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
## ("m" only: nodes may be created, but opening one still needs its own
## r/w entry below.)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
## (5:0 is /dev/tty, 5:1 is /dev/console)
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
## (5:2 is /dev/ptmx, major 136 is the pty slaves)
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
## Read and mknod only, no write.
## NOTE(review): the rtc major is assigned dynamically on some kernels --
## confirm 254:0 is the rtc on the target host.
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
## NOTE(review): fuse, tun, hpet and kvm are allowed rwm for every container
## that uses this file. Where a workload does not need one of them, removing
## its line narrows the host kernel interfaces reachable from the container.
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm