config/alpine.common.conf.in

   1 # This derives from the global common config.
   2 lxc.include = @LXCTEMPLATECONFIG@/common.conf
   3
   4 # Doesn't support consoles in /dev/lxc/.
   5 lxc.tty.dir =
   6
   7 # Drop another (potentially) harmful capabilities.
   8 lxc.cap.drop = audit_write
   9 lxc.cap.drop = ipc_owner
  10 lxc.cap.drop = mknod
  11 lxc.cap.drop = setpcap
  12 lxc.cap.drop = sys_nice
  13 lxc.cap.drop = sys_pacct
  14 lxc.cap.drop = sys_rawio
  15 lxc.cap.drop = sys_resource
  16 lxc.cap.drop = sys_tty_config
  17 lxc.cap.drop = syslog
  18 lxc.cap.drop = wake_alarm
  19
  20 # Mount /run as tmpfs.
  21 lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
  22
  23 # Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
  24 lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0