Attach a console device (/dev/console) to the container.
-`cores`: `<integer> (1 - 128)` ::
+`cores`: `<integer> (1 - 8192)` ::
The number of cores assigned to the container. A container can use all available cores by default.
-`cpulimit`: `<number> (0 - 128)` ('default =' `0`)::
+`cpulimit`: `<number> (0 - 8192)` ('default =' `0`)::
Limit of CPU usage.
+
+
NOTE: You can disable fair-scheduler configuration by setting this to 0.
+`debug`: `<boolean>` ('default =' `0`)::
+
+Try to be more verbose. For now this only enables debug log-level on start.
+
`description`: `<string>` ::
-Container description. Only used on the configuration web interface.
+Description for the Container. Shown in the web-interface CT's summary. This is saved as comment inside the configuration file.
-`features`: `[fuse=<1|0>] [,keyctl=<1|0>] [,mount=<fstype;fstype;...>] [,nesting=<1|0>]` ::
+`features`: `[force_rw_sys=<1|0>] [,fuse=<1|0>] [,keyctl=<1|0>] [,mknod=<1|0>] [,mount=<fstype;fstype;...>] [,nesting=<1|0>]` ::
Allow containers access to advanced features.
+`force_rw_sys`=`<boolean>` ('default =' `0`);;
+
+Mount /sys in unprivileged containers as `rw` instead of `mixed`. This can break networking under newer (>= v245) systemd-network use.
+
`fuse`=`<boolean>` ('default =' `0`);;
Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.
For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.
+`mknod`=`<boolean>` ('default =' `0`);;
+
+Allow unprivileged containers to use mknod() to add certain device nodes. This requires a kernel with seccomp trap to user space support (5.3 or newer). This is experimental.
+
`mount`=`<fstype;fstype;...>` ;;
Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc.
Set a host name for the container.
-`lock`: `<backup | disk | migrate | mounted | rollback | snapshot | snapshot-delete>` ::
+`lock`: `<backup | create | destroyed | disk | fstrim | migrate | mounted | rollback | snapshot | snapshot-delete>` ::
Lock/unlock the VM.
Amount of RAM for the VM in MB.
-`mp[n]`: `[volume=]<volume> ,mp=<Path> [,acl=<1|0>] [,backup=<1|0>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::
+`mp[n]`: `[volume=]<volume> ,mp=<Path> [,acl=<1|0>] [,backup=<1|0>] [,mountoptions=<opt[;opt...]>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::
-Use volume as container mount point.
+Use volume as container mount point. Use the special syntax STORAGE_ID:SIZE_IN_GiB to allocate a new volume.
`acl`=`<boolean>` ;;
Whether to include the mount point in backups (only used for volume mount points).
+`mountoptions`=`<opt[;opt...]>` ;;
+
+Extra mount options for rootfs/mps.
+
`mp`=`<Path>` ;;
Path to the mount point as seen from inside the container.
`hwaddr`=`<XX:XX:XX:XX:XX:XX>` ;;
-The interface MAC address. This is dynamically allocated by default, but you can set that statically if needed, for example to always have the same link-local IPv6 address. (lxc.network.hwaddr)
+A common MAC address with the I/G (Individual/Group) bit not set.
`ip`=`<(IPv4/CIDR|dhcp|manual)>` ;;
Specifies whether a VM will be started during system bootup.
-`ostype`: `<alpine | archlinux | centos | debian | fedora | gentoo | opensuse | ubuntu | unmanaged>` ::
+`ostype`: `<alpine | archlinux | centos | debian | devuan | fedora | gentoo | nixos | opensuse | ubuntu | unmanaged>` ::
OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.
Sets the protection flag of the container. This will prevent the CT or CT's disk remove/update operation.
-`rootfs`: `[volume=]<volume> [,acl=<1|0>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::
+`rootfs`: `[volume=]<volume> [,acl=<1|0>] [,mountoptions=<opt[;opt...]>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::
Use volume as container root.
Explicitly enable or disable ACL support.
+`mountoptions`=`<opt[;opt...]>` ;;
+
+Extra mount options for rootfs/mps.
+
`quota`=`<boolean>` ;;
Enable user quotas inside the container (not supported with zfs subvolumes)
Amount of SWAP for the VM in MB.
+`tags`: `<string>` ::
+
+Tags of the Container. This is only meta information.
+
`template`: `<boolean>` ('default =' `0`)::
Enable/disable Template.
+`timezone`: `<string>` ::
+
+Time zone to use in the container. If option isn't set, then nothing will be done. Can be set to 'host' to match the host time zone, or an arbitrary time zone option from /usr/share/zoneinfo/zone.tab
+
`tty`: `<integer> (0 - 6)` ('default =' `2`)::
Specify the number of tty available to the container
Makes the container run as unprivileged user. (Should not be modified manually.)
-`unused[n]`: `<string>` ::
+`unused[n]`: `[volume=]<volume>` ::
Reference to unused volumes. This is used internally, and should not be modified manually.
+`volume`=`<volume>` ;;
+
+The volume that is not used currently.
+
projects / pve-docs.git / blobdiff