+CPU weight for a container. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this container gets. Number is relative to the weights of all the other running guests.
+
+`debug`: `<boolean>` ('default =' `0`)::
+
+Try to be more verbose. For now this only enables debug log-level on start.
+
+`description`: `<string>` ::
+
+Description for the Container. Shown in the web-interface CT's summary. This is saved as comment inside the configuration file.
+
+`dev[n]`: `[[path=]<Path>] [,gid=<integer>] [,mode=<Octal access mode>] [,uid=<integer>]` ::
+
+Device to pass through to the container
+
+`gid`=`<integer> (0 - N)` ;;
+
+Group ID to be assigned to the device node
+
+`mode`=`<Octal access mode>` ;;
+
+Access mode to be set on the device node
+
+`path`=`<Path>` ;;
+
+Path to the device to pass through to the container
+
+`uid`=`<integer> (0 - N)` ;;
+
+User ID to be assigned to the device node
+
+`features`: `[force_rw_sys=<1|0>] [,fuse=<1|0>] [,keyctl=<1|0>] [,mknod=<1|0>] [,mount=<fstype;fstype;...>] [,nesting=<1|0>]` ::
+
+Allow containers access to advanced features.
+
+`force_rw_sys`=`<boolean>` ('default =' `0`);;
+
+Mount /sys in unprivileged containers as `rw` instead of `mixed`. This can break networking under newer (>= v245) systemd-network use.
+
+`fuse`=`<boolean>` ('default =' `0`);;
+
+Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.
+
+`keyctl`=`<boolean>` ('default =' `0`);;
+
+For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.
+
+`mknod`=`<boolean>` ('default =' `0`);;
+
+Allow unprivileged containers to use mknod() to add certain device nodes. This requires a kernel with seccomp trap to user space support (5.3 or newer). This is experimental.
+
+`mount`=`<fstype;fstype;...>` ;;