5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graber# This derives from the global common config

5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graberlxc.include = @LXCTEMPLATECONFIG@/common.conf

5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graber

5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graber# Doesn't support consoles in /dev/lxc/

5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graberlxc.devttydir =

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# When using LXC with apparmor, the container will be confined by default.

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# If you wish for it to instead run unconfined, copy the following line

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# (uncommented) to the container's configuration file.

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber#lxc.aa_profile = unconfined

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# If you wish to allow mounting block filesystems, then use the following

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# line instead, and make sure to grant access to the block device and/or loop

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber# devices below in lxc.cgroup.devices.allow.

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber#lxc.aa_profile = lxc-container-default-with-mounting

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber

5b99af0079813347d90c935ea540ed7f96dcea38Stéphane Graber# Extra cgroup device access

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## rtc

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graberlxc.cgroup.devices.allow = c 254:0 rm

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## tun

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graberlxc.cgroup.devices.allow = c 10:200 rwm

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## hpet

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graberlxc.cgroup.devices.allow = c 10:228 rwm

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## kvm

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graberlxc.cgroup.devices.allow = c 10:232 rwm

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## To use loop devices, copy the following line to the container's

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber## configuration file (uncommented).

00fe5e1d19def221951c1bfcb631b47a2403c951Stéphane Graber#lxc.cgroup.devices.allow = b 7:* rwm