lxc.rootfs = /mnt/osl/var/lib/lxc/{{cont_name}}/rootfs
lxc.utsname = {{cont_name}}
lxc.tty = 4
lxc.pts = 1024
#lxc.id_map = u 0 100000 65536
#lxc.id_map = g 0 100000 65536
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

{% for k,v in stack['nodes'][tmp_node]['net'].iteritems() %}
#networking for {{k}}
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = {{v.bridge}}
lxc.network.name = {{k}}
lxc.network.mtu = 1500
{% for a in v.ipv4 %}
lxc.network.ipv4 = {{a}}
{% endfor %}
{% if v.default is defined %}
lxc.network.ipv4.gateway = {{v.default}}
{% endif %}

{% endfor %}

#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 10:135 rwm

lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed