/
config
48 lines (42 loc) · 1.71 KB
/
config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
lxc.network.type=veth
lxc.network.link=lxcbr0
lxc.network.flags=up
# /var/lib/lxc/quark/config
## Container
lxc.utsname = quark
lxc.rootfs = /var/lib/lxc/quark/rootfs
lxc.tty = 4
lxc.pts = 1024
#lxc.console = /var/log/lxc/quark.console
## Capabilities
lxc.cap.drop = sys_admin
# uncomment the next line to run the container unconfined:
#lxc.aa_profile = unconfined
## Devices
lxc.cgroup.devices.allow = a
#lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
# /dev/tty[1-4] consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/rtc
lxc.cgroup.devices.allow = c 254:0 rwm
## Limits
#lxc.cgroup.cpu.shares = 1024
#lxc.cgroup.cpuset.cpus = 0
#lxc.cgroup.memory.limit_in_bytes = 256M
#lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults,ro 0 0
#lxc.mount.entry = /srv/quark srv/quark none defaults,bind 0 0