# Default configuration shared by all containers
# Setup the LXC devices in /dev/lxc/
-lxc.devttydir = lxc
+lxc.tty.dir = lxc
# Allow for 1024 pseudo terminals
lxc.pts = 1024
lxc.tty = 4
# Drop some harmful capabilities
-lxc.cap.drop = mac_admin mac_override sys_time sys_module
-
-# Set the pivot directory
-lxc.pivotdir = lxc_putold
+lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
# Ensure hostname is changed on clone
lxc.hook.clone = @LXCHOOKDIR@/clonehostname
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
+### fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
# Setup the default mounts
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Blacklist some syscalls which are not safe in privileged
# containers
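Review bot: The new `lxc.cgroup.devices.allow = c 10:229 rwm` rule and the `/sys/fs/fuse/connections` bind mount are added to the configuration shared by all containers, so every container, privileged ones included, gets /dev/fuse and a view of the host's fusectl tree, not only the containers that need FUSE. That widens the kernel surface reachable from inside a container, and in a privileged container it presumably lets container root see and act on FUSE connections that belong to the host, so it is worth confirming this is intended as a default and would not be better placed in an opt-in include. If it stays, the comments should say what is being granted: `### /dev/fuse` to match `### /dev/pts/*`, and above the mount entry `# fusectl for FUSE mounts made inside the container; "optional" keeps start-up from failing when the path is absent`. The seccomp setting that the closing comment introduces is outside what is shown here.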