From afeb95136cfec409e23c9f86b9e798682cb6d597 Mon Sep 17 00:00:00 2001
From: Per Johansson
Date: Mon, 2 Mar 2015 08:29:59 -0500
Subject: [PATCH] Allow centos 7 image to run docker.

---
 conf/centos | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/conf/centos b/conf/centos
index 2b0121c..fa493a8 100644
--- a/conf/centos
+++ b/conf/centos
@@ -28,7 +28,7 @@ lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
 # lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 #
-lxc.cap.drop = mac_admin mac_override setfcap setpcap
+lxc.cap.drop = mac_admin mac_override
 lxc.cap.drop = sys_module sys_nice sys_pacct
 lxc.cap.drop = sys_rawio sys_time
 
@@ -46,6 +46,12 @@ lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom
 lxc.cgroup.devices.allow = c 136:* rwm # /dev/tty[1-4] ptys and lxc console
 lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master
 
+# Needed by default docker config
+lxc.cgroup.devices.allow = c 5:1 rwm # /dev/console
+lxc.cgroup.devices.allow = c 4:0 rwm # /dev/tty0
+lxc.cgroup.devices.allow = c 4:1 rwm # /dev/tty1
+lxc.cgroup.devices.allow = c 10:200 rwm # /dev/net/tun
+
 # Blacklist some syscalls which are not safe in privileged
 # containers
 lxc.seccomp = /usr/share/lxc/config/common.seccomp
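Review bot: Taking `setfcap` and `setpcap` out of `lxc.cap.drop` leaves CAP_SETFCAP and CAP_SETPCAP with root in every container built from `conf/centos`, not only the ones meant to host docker, and the changed line has no comment saying why. The seccomp comment further down suggests these are privileged containers, so this widens what a compromised process inside one can do with file capabilities and its own capability sets. At minimum record the reason beside the line, e.g. `# setfcap/setpcap are not dropped: docker inside the container needs them`. Preferably keep the original drop line in the default config and put the relaxed one in a docker-specific variant. The same scoping concern applies to the device rules added in the second hunk.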
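Review bot: The added `c 4:0` and `c 4:1` rules grant `rwm` on what are normally the host's own virtual consoles, and `c 10:200` on the TUN device, with only "Needed by default docker config" as explanation. Unlike the existing `c 136:*` pty rule, these major/minor numbers refer to real host devices, so a container that does not run docker gains access it has no use for. The comment should say so, e.g. `# 4:0 and 4:1 are host virtual consoles; allow only for containers that run docker`. It is also worth confirming whether docker needs read/write on them or only the ability to create the nodes.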