X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pct.conf.5-opts.adoc;h=7fb42b724a5aa7b8dd11c2a2cfef1667075cd771;hp=05bfa8221fc0d922dd612af24f3d2fb846b89932;hb=dd1aa0e01624f5927fb65143c9a070672ccbeb92;hpb=5d9c884c7b3f4980abbd4cbe91ea588a03266485 diff --git a/pct.conf.5-opts.adoc b/pct.conf.5-opts.adoc index 05bfa82..7fb42b7 100644 --- a/pct.conf.5-opts.adoc +++ b/pct.conf.5-opts.adoc @@ -1,4 +1,4 @@ -`arch`: `` ('default =' `amd64`):: +`arch`: `` ('default =' `amd64`):: OS architecture type. 
@@ -30,11 +30,35 @@ NOTE: You can disable fair-scheduler configuration by setting this to 0. Container description. Only used on the configuration web interface. +`features`: `[fuse=<1|0>] [,keyctl=<1|0>] [,mount=] [,nesting=<1|0>]` :: + +Allow containers access to advanced features. + +`fuse`=`` ('default =' `0`);; + +Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks. + +`keyctl`=`` ('default =' `0`);; + +For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker. + +`mount`=`` ;; + +Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc. + +`nesting`=`` ('default =' `0`);; + +Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest. + +`hookscript`: `` :: + +Script that will be exectued during various steps in the containers lifetime. + `hostname`: `` :: Set a host name for the container. -`lock`: `` :: +`lock`: `` :: Lock/unlock the VM. 
@@ -90,7 +114,7 @@ Volume, device or directory to mount into the container. Sets DNS server IP address for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver. -`net[n]`: `name= [,bridge=] [,firewall=<1|0>] [,gw=] [,gw6=] [,hwaddr=] [,ip=] [,ip6=] [,mtu=] [,rate=] [,tag=] [,trunks=] [,type=]` :: +`net[n]`: `name= [,bridge=] [,firewall=<1|0>] [,gw=] [,gw6=] [,hwaddr=] [,ip=<(IPv4/CIDR|dhcp|manual)>] [,ip6=<(IPv6/CIDR|auto|dhcp|manual)>] [,mtu=] [,rate=] [,tag=] [,trunks=] [,type=]` :: Specifies network interfaces for the container. @@ -112,13 +136,13 @@ Default gateway for IPv6 traffic. `hwaddr`=`` ;; -The interface MAC address. This is dynamically allocated by default, but you can set that statically if needed, for example to always have the same link-local IPv6 address. (lxc.network.hwaddr) +A common MAC address with the I/G (Individual/Group) bit not set. -`ip`=`` ;; +`ip`=`<(IPv4/CIDR|dhcp|manual)>` ;; IPv4 address in CIDR format. -`ip6`=`` ;; +`ip6`=`<(IPv6/CIDR|auto|dhcp|manual)>` ;; IPv6 address in CIDR format.
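Review bot: In the hunk at -30,11 +30,35, the `mount` sub-option of `features` is the only one of the four documented without a 'default =' value, and its security warning packs two distinct risks into one sentence that trails off in "etc."; state the default explicitly and give the two named risks (a loop-device mount circumventing the mknod permission of the devices cgroup, an NFS mount blocking the host's I/O and preventing reboot) as separate items so an administrator can weigh each before enabling a file system type. The `nesting` entry says it exposes the host's procfs and sysfs contents to the guest but only calls unprivileged containers with additional id mapping "best"; it would help to say plainly whether enabling it on a privileged container is discouraged. In the `hookscript` entry, "exectued" should be "executed" and "containers lifetime" should be "container's lifetime".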
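Review bot: In the hunk at -112,13 +136,13, the new `hwaddr` text ("A common MAC address with the I/G (Individual/Group) bit not set.") drops the information that the address is dynamically allocated by default and can be set statically, together with the (lxc.network.hwaddr) reference; keep the old sentence and append the I/G bit constraint to it rather than replacing it. In the same hunk the `ip` and `ip6` value syntax now accepts `dhcp` and `manual` (and `auto` for `ip6`), but the descriptions still read "IPv4 address in CIDR format." and "IPv6 address in CIDR format."; extend both descriptions to say what each keyword value does.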