mirror of
git://git.proxmox.com/git/lxc.git
synced 2024-12-22 17:35:53 +03:00
db69b3776d
note that we have 1 difference to upstream,
from 612ec1f054
("config: opensuse.common: unset lxc.tty.dir key")
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
24 lines
713 B
Plaintext
24 lines
713 B
Plaintext
# This derives from the global common config.
|
|
lxc.include = @LXCTEMPLATECONFIG@/common.conf
|
|
|
|
# Doesn't support consoles in /dev/lxc/.
|
|
lxc.tty.dir =
|
|
|
|
# Drop another (potentially) harmful capabilities.
|
|
lxc.cap.drop = audit_write
|
|
lxc.cap.drop = ipc_owner
|
|
lxc.cap.drop = mknod
|
|
lxc.cap.drop = sys_nice
|
|
lxc.cap.drop = sys_pacct
|
|
lxc.cap.drop = sys_rawio
|
|
lxc.cap.drop = sys_resource
|
|
lxc.cap.drop = sys_tty_config
|
|
lxc.cap.drop = syslog
|
|
lxc.cap.drop = wake_alarm
|
|
|
|
# Mount /run as tmpfs.
|
|
lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
|
|
|
|
# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
|
|
lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
|