1 # CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
2 lxc.cgroup.devices.deny =
3 lxc.cgroup.devices.allow =
5 # We can't move bind-mounts, so don't use /dev/lxc/
8 # Extra bind-mounts for userns
9 lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
10 lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
11 lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
12 lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
13 lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
14 lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0