# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices

lxc.cgroup.devices.deny =

lxc.cgroup.devices.allow =

# We can't move bind-mounts, so don't use /dev/lxc/

lxc.devttydir =

# Extra bind-mounts for userns

lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0

lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0

lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0

lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0

lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0

lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0

lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0

# Extra fstab entries as mountall can't mount those by itself

lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0

lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0