- --- a/config/templates/common.conf.in
- +++ b/config/templates/common.conf.in
- @@ -15,35 +15,6 @@ lxc.cap.drop = mac_admin mac_override sy
- # Ensure hostname is changed on clone
- lxc.hook.clone = @LXCHOOKDIR@/clonehostname
-
- -# Default legacy cgroup configuration
- -#
- -# CGroup allowlist
- -lxc.cgroup.devices.deny = a
- -## Allow any mknod (but not reading/writing the node)
- -lxc.cgroup.devices.allow = c *:* m
- -lxc.cgroup.devices.allow = b *:* m
- -## Allow specific devices
- -### /dev/null
- -lxc.cgroup.devices.allow = c 1:3 rwm
- -### /dev/zero
- -lxc.cgroup.devices.allow = c 1:5 rwm
- -### /dev/full
- -lxc.cgroup.devices.allow = c 1:7 rwm
- -### /dev/tty
- -lxc.cgroup.devices.allow = c 5:0 rwm
- -### /dev/console
- -lxc.cgroup.devices.allow = c 5:1 rwm
- -### /dev/ptmx
- -lxc.cgroup.devices.allow = c 5:2 rwm
- -### /dev/random
- -lxc.cgroup.devices.allow = c 1:8 rwm
- -### /dev/urandom
- -lxc.cgroup.devices.allow = c 1:9 rwm
- -### /dev/pts/*
- -lxc.cgroup.devices.allow = c 136:* rwm
- -### fuse
- -lxc.cgroup.devices.allow = c 10:229 rwm
- -
- # Default unified cgroup configuration
- #
- # CGroup allowlist
|
