config/templates/alpine.common.conf.in

	alpine.common.conf.in revision 51ee5e0cec79793575ee8c64909b965a132a064d
a8c5a86d183db25a57bf193c06b41e092ec2e151Timo Sirainen# This derives from the global common config.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc.include = @LXCTEMPLATECONFIG@/common.conf
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen# Doesn't support consoles in /dev/lxc/.
16f816d3f3c32ae3351834253f52ddd0212bcbf3Timo Sirainenlxc.devttydir =
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
a2f250a332dfc1e6cd4ffd196c621eb9dbf7b8a1Timo Sirainen# Drop another (potentially) harmful capabilities.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc.cap.drop = audit_write
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc.cap.drop = ipc_owner
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc.cap.drop = mknod
463e82bdf0e990f4f2252d2b53ea23a5abe5883cTimo Sirainenlxc.cap.drop = setfcap
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc.cap.drop = setpcap
d41573018e85896ec836d897fd554e87126147f5Timo Sirainenlxc.cap.drop = sys_nice
d41573018e85896ec836d897fd554e87126147f5Timo Sirainenlxc.cap.drop = sys_pacct
d41573018e85896ec836d897fd554e87126147f5Timo Sirainenlxc.cap.drop = sys_ptrace
d41573018e85896ec836d897fd554e87126147f5Timo Sirainenlxc.cap.drop = sys_rawio
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainenlxc.cap.drop = sys_resource
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainenlxc.cap.drop = sys_tty_config
2c677e9d339bc91d5b54376ba2986f71476c06abTimo Sirainenlxc.cap.drop = syslog
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainenlxc.cap.drop = wake_alarm
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen# Mount /run as tmpfs.
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainenlxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
20c892309312df8f4f73cfcaf8acd2ededda8b05Timo Sirainenlxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
20c892309312df8f4f73cfcaf8acd2ededda8b05Timo Sirainen