gentoo: Add basic userns config

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

config/templates/Makefile.am

@@ -9,6 +9,7 @@ templatesconfig_DATA = \
 	fedora.userns.conf \
 	gentoo.common.conf \
 	gentoo.moresecure.conf \
+	gentoo.userns.conf \
 	oracle.common.conf \
 	oracle.userns.conf \
 	plamo.common.conf \

config/templates/gentoo.userns.conf.in

@@ -0,0 +1,16 @@
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0

configure.ac

@@ -570,6 +570,7 @@ AC_CONFIG_FILES([
 	config/templates/fedora.userns.conf
 	config/templates/gentoo.common.conf
 	config/templates/gentoo.moresecure.conf
+	config/templates/gentoo.userns.conf
 	config/templates/oracle.common.conf
 	config/templates/oracle.userns.conf
 	config/templates/plamo.common.conf