alpine.common.conf.in revision 51ee5e0cec79793575ee8c64909b965a132a064d
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller# This derives from the global common config.
# Everything below is applied on top of the included common.conf, so the
# effective container policy is the combination of both files; review them together.
# @LXCTEMPLATECONFIG@ is a placeholder, presumably substituted when this
# .in template is built.
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.include = @LXCTEMPLATECONFIG@/common.conf
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller# Doesn't support consoles in /dev/lxc/.
# The empty value clears the tty directory (presumably overriding one set by
# the included file), so console devices are not placed in a /dev/lxc/ subdirectory.
# NOTE(review): later LXC releases name this key lxc.tty.dir; confirm the key
# matches the LXC version this template ships with.
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.devttydir =
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller# Drop further (potentially) harmful capabilities.
# Each lxc.cap.drop line adds one capability to the set removed from the
# container, on top of whatever the included file already drops.
# What each one would otherwise allow (see capabilities(7)):
#   audit_write     write records to the kernel audit log
#   ipc_owner       bypass permission checks on System V IPC objects
#   mknod           create device nodes with mknod(2)
#   setfcap         set file capabilities on binaries
#   setpcap         change process capability sets and the bounding set
#   sys_nice        raise priority / change scheduling of arbitrary processes
#   sys_pacct       switch process accounting on or off with acct(2)
#   sys_ptrace      trace and inspect arbitrary processes
#   sys_rawio       I/O port access and other raw device operations
#   sys_resource    override resource limits and quotas
#   sys_tty_config  vhangup(2) and privileged ioctls on virtual terminals
#   syslog          privileged syslog(2) operations, e.g. reading the kernel log
#   wake_alarm      set timers that can wake the system from suspend
# This is a deny-list: any capability not named here or in the include stays
# available (sys_admin and net_admin, for example, do not appear in this file).
# lxc.cap.keep is the allow-list alternative where a stricter default is wanted.
# Software inside the container that needs a dropped capability will fail
# (e.g. strace/gdb attaching to other processes without sys_ptrace).
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = audit_write
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = ipc_owner
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = mknod
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = setfcap
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = setpcap
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_nice
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_pacct
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_ptrace
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_rawio
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_resource
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = sys_tty_config
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = syslog
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.cap.drop = wake_alarm
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller# Mount /run as tmpfs.
# The target "run" has no leading slash, so it is resolved relative to the
# container rootfs. There is no create=dir here, so the directory must already
# exist in the rootfs.
# NOTE(review): unlike the /dev/shm entry below, this mount sets nodev but not
# nosuid or noexec, and has no size= limit, so the tmpfs default size applies.
# Consider nosuid and an explicit size= unless something in the container
# depends on the current options.
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
# mode=1777 makes it world-writable with the sticky bit; nodev, noexec and
# nosuid prevent device nodes, direct execution and setuid binaries on this
# mount. create=dir makes LXC create the mount point if it is missing.
# NOTE(review): no size= is given here either, so the tmpfs default applies.
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning muellerlxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
58721b9d3a8cd6a624269ddf507f80af4417c9bdhenning mueller