config: Allow all containers to use fuse This enables containers to mount fuse filesystems per default. The mount is designed to be safe. Hence, it can be enabled per default in common.conf. It will lead to a cleaner boot for some unprivileged systemd-based containers. Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

plamo: Change how to create objects under /dev in the container lxc-plamo stop: * creating objects under /dev when creating the container * removing /dev population process from original rc script now populate /dev at container boot time, and allow to enable lxc.autodev=1 Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Use consistent /proc, /sys and /sys/fs/cgroup (v2) - Implements mixed mode for /sys where it's mounted read-only but with /sys/devices/virtual/net/ writable. - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all templates. - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup. - Get rid of the fstab file by default, using lxc.mount.entry instead. - Set sys:mixed as the default for "sys". sys:mixed is slightly more permissive than sys:ro so this shouldn't be a problem. The read-only bind mount of /sys on top of itself is there so that mountall and other init systems don't attempt to remount /sys read-write. v2 changes: - Fix the mount list, don't specify a source for the remount. - Update the documentation. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-plamo: Set lxc.autodev to 0 At this time, a container that is created by lxc-plamo can't work with lxc.autodev=1 Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-plamo: mount tmpfs on /dev/shm Do mkdir $rootfs/dev/shm and then mount tmpfs on /dev/shm. Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Reduce duplication in new style configs This is a rather massive cleanup of config/templates/* As new templates were added, I've noticed that we pretty much all share the tty/pts configs, some capabilities being dropped and most of the cgroup configuration. All the userns configs were also almost identical. As a result, this change introduces two new files: - common.conf.in - userns.conf.in Each is included by the relevant <template>.<type>.conf.in templates, this means that the individual per-template configs are now overlays on top of the default config. Once we see a specific key becoming popular, we ought to check whether it should also be applied to the other templates and if more than 50% of the templates have it set to the same value, that value ought to be moved to the master config file and then overriden for the templates that do not use it. This change while pretty big and scary, shouldn't be very visible from a user point of view, the actual changes can be summarized as: - Extend clonehostname to work with Debian based distros and use it for all containers. - lxc.pivotdir is now set to lxc_putold for all templates, this means that instead of using /mnt in the container, lxc will create and use /lxc_putold instead. The reason for this is to avoid failures when the user bind-mounts something else on top of /mnt. - Some minor cgroup limit changes, the main one I remember is /dev/console now being writable by all of the redhat based containers. The rest of the set should be identical with additions in the per-distro ones. - Drop binfmtmisc and efivars bind-mounts for non-mountall based unpriivileged containers as I assumed they got those from copy/paste from Ubuntu and not because they actually need those entries. (If I'm wrong, we probably should move those to userns.conf then). Additional investigation and changes to reduce the config delta between distros would be appreciated. In practice, I only expect lxc.cap.drop and lxc.mount.entry to really vary between distros (depending on the init system, the rest should be mostly common. Diff from the RFC: - Add archlinux to the mix - Drop /etc/hostname from the clone hook Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

plamo: Update template to use lxc.include and add plamo.common.conf Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>