diff --git a/boxes/common/lxc.conf b/boxes/common/lxc.conf
new file mode 100644
index 0000000..7e5fc80
--- /dev/null
+++ b/boxes/common/lxc.conf
@@ -0,0 +1,46 @@
+lxc.network.type=veth
+lxc.network.hwaddr = 00:16:3e:7f:04:b2
+lxc.network.link=lxcbr0
+lxc.network.flags=up
+
+lxc.pivotdir = lxc_putold
+
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+lxc.arch = amd64
+lxc.cap.drop = sys_module mac_admin mac_override
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+#lxc.cgroup.devices.allow = c 4:0 rwm
+#lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+#fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+#tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+#full
+lxc.cgroup.devices.allow = c 1:7 rwm
+#hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+#kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
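Review bot: The device allowlist at the end of this new file grants `rwm` on kvm (`c 10:232`), hpet (`c 10:228`), rtc (`c 254:0`), fuse and tun to every box that inherits the common config, which undercuts the default-deny set by `lxc.cgroup.devices.deny = a`. These nodes are host-global, and `lxc.cap.drop` still leaves `sys_time` and `sys_admin` in place, so root inside a container can presumably reach the host clock and the hypervisor interface. Consider commenting out the kvm, hpet and rtc lines here and enabling them only in the boxes that need them, and dropping `sys_time` as well: `lxc.cap.drop = sys_module mac_admin mac_override sys_time`. Separately, the fixed `lxc.network.hwaddr = 00:16:3e:7f:04:b2` would give every container on `lxcbr0` the same MAC; LXC accepts a template such as `00:16:3e:xx:xx:xx`, where each `x` is replaced with a random value.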