merge upstream lxc-templates configs

note that we have 1 difference to upstream,
from 612ec1f054 ("config: opensuse.common: unset lxc.tty.dir key")

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

config/alpine.common.conf.in

@@ -8,7 +8,6 @@ lxc.tty.dir =
 lxc.cap.drop = audit_write
 lxc.cap.drop = ipc_owner
 lxc.cap.drop = mknod
-lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
 lxc.cap.drop = sys_rawio

config/archlinux.common.conf.in

@@ -27,3 +27,5 @@ lxc.signal.halt=SIGRTMIN+4
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # big big login delays in Fedora 20 systemd
+#
+lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio

config/centos.common.conf.in

@@ -17,3 +17,4 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
 # lxc.cap.drop = setuid           # breaks sshd,nfs statd
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
+lxc.cap.drop = sys_nice sys_pacct sys_rawio

config/devuan.common.conf.in

@@ -0,0 +1,28 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Doesn't support consoles in /dev/lxc/
+lxc.tty.dir =
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.apparmor.profile = unconfined
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.apparmor.profile = lxc-container-default-with-mounting
+
+# Extra cgroup device access
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm

config/devuan.userns.conf.in

@@ -0,0 +1,2 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf

config/fedora.common.conf.in

@@ -18,3 +18,4 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # big big login delays in Fedora 20 systemd
+lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio

config/kali.common.conf.in

@@ -0,0 +1,28 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Doesn't support consoles in /dev/lxc/
+lxc.tty.dir =
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.apparmor.profile = unconfined
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.apparmor.profile = lxc-container-default-with-mounting
+
+# Extra cgroup device access
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm

config/kali.userns.conf.in

@@ -0,0 +1,2 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf

config/opensuse.common.conf.in

@@ -19,5 +19,6 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # big big login delays in Fedora 20 systemd
 # lxc.cap.drop = setfcap
+lxc.cap.drop = sys_nice sys_pacct sys_rawio
 
 lxc.tty.dir =