|
|
- --- /dev/null
- +++ b/config/templates/openwrt.common.conf.in
- @@ -0,0 +1,56 @@
- +# Default mount entries
- +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
- +lxc.mount.entry = sysfs sys sysfs defaults 0 0
- +
- +# Default console settings
- +lxc.devttydir = lxc
- +lxc.tty = 4
- +lxc.pts = 1024
- +
- +# Default capabilities
- +lxc.cap.drop = mac_admin
- +lxc.cap.drop = mac_override
- +lxc.cap.drop = sys_admin
- +lxc.cap.drop = sys_module
- +lxc.cap.drop = sys_nice
- +lxc.cap.drop = sys_pacct
- +lxc.cap.drop = sys_ptrace
- +lxc.cap.drop = sys_rawio
- +lxc.cap.drop = sys_resource
- +lxc.cap.drop = sys_time
- +lxc.cap.drop = sys_tty_config
- +lxc.cap.drop = syslog
- +lxc.cap.drop = wake_alarm
- +
- +# Default cgroups - all denied except those whitelisted
- +lxc.cgroup.devices.deny = a
- +## /dev/null and zero
- +lxc.cgroup.devices.allow = c 1:3 rwm
- +lxc.cgroup.devices.allow = c 1:5 rwm
- +## consoles
- +lxc.cgroup.devices.allow = c 5:0 rwm
- +lxc.cgroup.devices.allow = c 5:1 rwm
- +## /dev/{,u}random
- +lxc.cgroup.devices.allow = c 1:8 rwm
- +lxc.cgroup.devices.allow = c 1:9 rwm
- +## /dev/pts/*
- +lxc.cgroup.devices.allow = c 5:2 rwm
- +lxc.cgroup.devices.allow = c 136:* rwm
- +## rtc
- +lxc.cgroup.devices.allow = c 254:0 rm
- +## fuse
- +lxc.cgroup.devices.allow = c 10:229 rwm
- +## tun
- +lxc.cgroup.devices.allow = c 10:200 rwm
- +## dev/tty0
- +lxc.cgroup.devices.allow = c 4:0 rwm
- +## dev/tty1
- +lxc.cgroup.devices.allow = c 4:1 rwm
- +
- +## To use loop devices, copy the following line to the container's
- +## configuration file (uncommented).
- +#lxc.cgroup.devices.allow = b 7:* rwm
- +
- +# Blacklist some syscalls which are not safe in privileged
- +# containers
- +lxc.seccomp = /usr/share/lxc/config/common.seccomp
- --- a/configure.ac
- +++ b/configure.ac
- @@ -579,6 +579,7 @@ AC_CONFIG_FILES([
- config/templates/ubuntu.common.conf
- config/templates/ubuntu.lucid.conf
- config/templates/ubuntu.userns.conf
- + config/templates/openwrt.common.conf
- config/yum/Makefile
-
- doc/Makefile
- --- a/config/templates/Makefile.am
- +++ b/config/templates/Makefile.am
- @@ -22,4 +22,5 @@ templatesconfig_DATA = \
- ubuntu-cloud.userns.conf \
- ubuntu.common.conf \
- ubuntu.lucid.conf \
- - ubuntu.userns.conf
- + ubuntu.userns.conf \
- + openwrt.common.conf
|
