[lxc-devel] [PATCH] Move some common Ubuntu config
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Dec 6 15:08:28 UTC 2013
Quoting Stéphane Graber (stgraber at ubuntu.com):
> This introduces a new /usr/share/lxc/config directory containing common
> configuration snippets.
>
> The two Ubuntu templates are then simplified to just include the
> relevant entries avoiding a whole lot of hardcoded cgroup, capabilities
> and mount points configuration.
>
> An extra comment is also added at the top of all generated configuration
> files telling the user to look at lxc.conf(5) for more information.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Very nice. Long patch, but didn't see any problems.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> config/Makefile.am | 16 +----
> config/default.conf.libvirt | 3 -
> config/default.conf.ubuntu | 3 -
> config/default.conf.unknown | 1 -
> config/etc/Makefile.am | 15 ++++
> config/etc/default.conf.libvirt | 3 +
> config/etc/default.conf.ubuntu | 3 +
> config/etc/default.conf.unknown | 1 +
> config/templates/Makefile.am | 8 +++
> config/templates/ubuntu-cloud.common.conf.in | 4 ++
> config/templates/ubuntu-cloud.lucid.conf.in | 2 +
> config/templates/ubuntu-cloud.userns.conf.in | 16 +++++
> config/templates/ubuntu.common.conf.in | 48 +++++++++++++
> config/templates/ubuntu.lucid.conf.in | 2 +
> configure.ac | 9 +++
> src/lxc/lxccontainer.c | 1 +
> templates/lxc-ubuntu-cloud.in | 102 +++++++++------------------
> templates/lxc-ubuntu.in | 87 ++++++++---------------
> 18 files changed, 178 insertions(+), 146 deletions(-)
> delete mode 100644 config/default.conf.libvirt
> delete mode 100644 config/default.conf.ubuntu
> delete mode 100644 config/default.conf.unknown
> create mode 100644 config/etc/Makefile.am
> create mode 100644 config/etc/default.conf.libvirt
> create mode 100644 config/etc/default.conf.ubuntu
> create mode 100644 config/etc/default.conf.unknown
> create mode 100644 config/templates/Makefile.am
> create mode 100644 config/templates/ubuntu-cloud.common.conf.in
> create mode 100644 config/templates/ubuntu-cloud.lucid.conf.in
> create mode 100644 config/templates/ubuntu-cloud.userns.conf.in
> create mode 100644 config/templates/ubuntu.common.conf.in
> create mode 100644 config/templates/ubuntu.lucid.conf.in
>
> diff --git a/config/Makefile.am b/config/Makefile.am
> index 81d7709..7ca23eb 100644
> --- a/config/Makefile.am
> +++ b/config/Makefile.am
> @@ -1,15 +1 @@
> -configdir = $(sysconfdir)/lxc
> -config_DATA = default.conf
> -distroconf = @LXC_DISTRO_CONF@
> -
> -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
> -
> -default.conf:
> - cp $(distroconf) $@
> -
> -clean-local:
> - @$(RM) -f default.conf
> -
> -distclean-local:
> - @$(RM) -f default.conf
> - @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile
> +SUBDIRS = etc templates
> diff --git a/config/default.conf.libvirt b/config/default.conf.libvirt
> deleted file mode 100644
> index 6950dca..0000000
> --- a/config/default.conf.libvirt
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -lxc.network.type = veth
> -lxc.network.link = virbr0
> -lxc.network.flags = up
> diff --git a/config/default.conf.ubuntu b/config/default.conf.ubuntu
> deleted file mode 100644
> index 0a5ac71..0000000
> --- a/config/default.conf.ubuntu
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -lxc.network.type = veth
> -lxc.network.link = lxcbr0
> -lxc.network.flags = up
> diff --git a/config/default.conf.unknown b/config/default.conf.unknown
> deleted file mode 100644
> index 6c88010..0000000
> --- a/config/default.conf.unknown
> +++ /dev/null
> @@ -1 +0,0 @@
> -lxc.network.type = empty
> diff --git a/config/etc/Makefile.am b/config/etc/Makefile.am
> new file mode 100644
> index 0000000..81d7709
> --- /dev/null
> +++ b/config/etc/Makefile.am
> @@ -0,0 +1,15 @@
> +configdir = $(sysconfdir)/lxc
> +config_DATA = default.conf
> +distroconf = @LXC_DISTRO_CONF@
> +
> +EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
> +
> +default.conf:
> + cp $(distroconf) $@
> +
> +clean-local:
> + @$(RM) -f default.conf
> +
> +distclean-local:
> + @$(RM) -f default.conf
> + @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile
> diff --git a/config/etc/default.conf.libvirt b/config/etc/default.conf.libvirt
> new file mode 100644
> index 0000000..6950dca
> --- /dev/null
> +++ b/config/etc/default.conf.libvirt
> @@ -0,0 +1,3 @@
> +lxc.network.type = veth
> +lxc.network.link = virbr0
> +lxc.network.flags = up
> diff --git a/config/etc/default.conf.ubuntu b/config/etc/default.conf.ubuntu
> new file mode 100644
> index 0000000..0a5ac71
> --- /dev/null
> +++ b/config/etc/default.conf.ubuntu
> @@ -0,0 +1,3 @@
> +lxc.network.type = veth
> +lxc.network.link = lxcbr0
> +lxc.network.flags = up
> diff --git a/config/etc/default.conf.unknown b/config/etc/default.conf.unknown
> new file mode 100644
> index 0000000..6c88010
> --- /dev/null
> +++ b/config/etc/default.conf.unknown
> @@ -0,0 +1 @@
> +lxc.network.type = empty
> diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
> new file mode 100644
> index 0000000..6cc045b
> --- /dev/null
> +++ b/config/templates/Makefile.am
> @@ -0,0 +1,8 @@
> +templatesconfigdir=@LXCTEMPLATECONFIG@
> +
> +templatesconfig_DATA = \
> + ubuntu-cloud.common.conf \
> + ubuntu-cloud.lucid.conf \
> + ubuntu-cloud.userns.conf \
> + ubuntu.common.conf \
> + ubuntu.lucid.conf
> diff --git a/config/templates/ubuntu-cloud.common.conf.in b/config/templates/ubuntu-cloud.common.conf.in
> new file mode 100644
> index 0000000..4d67722
> --- /dev/null
> +++ b/config/templates/ubuntu-cloud.common.conf.in
> @@ -0,0 +1,4 @@
> +# This derives from the main Ubuntu config
> +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.common.conf
> +
> +lxc.hook.clone = @LXCHOOKDIR@/ubuntu-cloud-prep
> diff --git a/config/templates/ubuntu-cloud.lucid.conf.in b/config/templates/ubuntu-cloud.lucid.conf.in
> new file mode 100644
> index 0000000..78205e5
> --- /dev/null
> +++ b/config/templates/ubuntu-cloud.lucid.conf.in
> @@ -0,0 +1,2 @@
> +# This derives from the main Ubuntu lucid config
> +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.lucid.conf
> diff --git a/config/templates/ubuntu-cloud.userns.conf.in b/config/templates/ubuntu-cloud.userns.conf.in
> new file mode 100644
> index 0000000..f47ede3
> --- /dev/null
> +++ b/config/templates/ubuntu-cloud.userns.conf.in
> @@ -0,0 +1,16 @@
> +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
> +lxc.cgroup.devices.deny =
> +lxc.cgroup.devices.allow =
> +
> +# We can't move bind-mounts, so don't use /dev/lxc/
> +lxc.devttydir =
> +
> +# Extra bind-mounts for userns
> +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
> +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +
> +# Extra fstab entries as mountall can't mount those by itself
> +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
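Review bot: The two empty `lxc.cgroup.devices.deny =` / `lxc.cgroup.devices.allow =` assignments at the top of ubuntu-cloud.userns.conf.in are not explained as a reset of the rules inherited from ubuntu.common.conf. They presumably clear the device whitelist, which leaves a userns container with no devices-cgroup restriction at all. That only works if this file is included after the common one, which is the order the template hunk in lxc-ubuntu-cloud.in emits. I would state both facts in the comment, e.g. `# Clears the device rules set by ubuntu.common.conf (must be included after it); device access then relies on the user namespace alone`.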
> diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
> new file mode 100644
> index 0000000..8c61033
> --- /dev/null
> +++ b/config/templates/ubuntu.common.conf.in
> @@ -0,0 +1,48 @@
> +# Default pivot location
> +lxc.pivotdir = lxc_putold
> +
> +# Default mount entries
> +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
> +lxc.mount.entry = sysfs sys sysfs defaults 0 0
> +lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
> +lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
> +lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
> +lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
> +
> +# Default console settings
> +lxc.devttydir = lxc
> +lxc.tty = 4
> +lxc.pts = 1024
> +
> +# Default capabilities
> +lxc.cap.drop = sys_module mac_admin mac_override sys_time
> +
> +# Default cgroup limits
> +lxc.cgroup.devices.deny = a
> +## Allow any mknod (but not using the node)
> +lxc.cgroup.devices.allow = c *:* m
> +lxc.cgroup.devices.allow = b *:* m
> +## /dev/null and zero
> +lxc.cgroup.devices.allow = c 1:3 rwm
> +lxc.cgroup.devices.allow = c 1:5 rwm
> +## consoles
> +lxc.cgroup.devices.allow = c 5:0 rwm
> +lxc.cgroup.devices.allow = c 5:1 rwm
> +## /dev/{,u}random
> +lxc.cgroup.devices.allow = c 1:8 rwm
> +lxc.cgroup.devices.allow = c 1:9 rwm
> +## /dev/pts/*
> +lxc.cgroup.devices.allow = c 5:2 rwm
> +lxc.cgroup.devices.allow = c 136:* rwm
> +## rtc
> +lxc.cgroup.devices.allow = c 254:0 rm
> +## fuse
> +lxc.cgroup.devices.allow = c 10:229 rwm
> +## tun
> +lxc.cgroup.devices.allow = c 10:200 rwm
> +## full
> +lxc.cgroup.devices.allow = c 1:7 rwm
> +## hpet
> +lxc.cgroup.devices.allow = c 10:228 rwm
> +## kvm
> +lxc.cgroup.devices.allow = c 10:232 rwm
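Review bot: ubuntu.common.conf.in has no header saying that it is shared, although both templates now reference it through `lxc.include` instead of copying these lines into each container's config. If the include is resolved at container start, which is how I read it, a later edit to `lxc.cap.drop` or to the device allow-list here changes the confinement of every existing Ubuntu container. A first line such as `# Shared by all containers created from the Ubuntu templates; changes here apply to every one of them` would make that visible. The commented `lxc.aa_profile` and nesting hints that the old heredocs wrote into each config are also not carried over to this file; if that is intentional, the commit message should say so.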
> diff --git a/config/templates/ubuntu.lucid.conf.in b/config/templates/ubuntu.lucid.conf.in
> new file mode 100644
> index 0000000..adb8b7e
> --- /dev/null
> +++ b/config/templates/ubuntu.lucid.conf.in
> @@ -0,0 +1,2 @@
> +# Ubuntu 10.04 LTS doesn't have /dev/lxc/
> +lxc.devttydir =
> diff --git a/configure.ac b/configure.ac
> index 7b3da91..575493f 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -361,6 +361,7 @@ AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf")
> AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db")
> AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path")
> AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates")
> +AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config")
> AS_AC_EXPAND(LXCHOOKDIR, "$datadir/lxc/hooks")
> AS_AC_EXPAND(LXCINITDIR, "$libexecdir")
> AS_AC_EXPAND(LOGPATH, "$with_log_path")
> @@ -447,7 +448,15 @@ AC_CONFIG_FILES([
> Makefile
> lxc.pc
> lxc.spec
> +
> config/Makefile
> + config/etc/Makefile
> + config/templates/Makefile
> + config/templates/ubuntu-cloud.common.conf
> + config/templates/ubuntu-cloud.lucid.conf
> + config/templates/ubuntu-cloud.userns.conf
> + config/templates/ubuntu.common.conf
> + config/templates/ubuntu.lucid.conf
>
> doc/Makefile
> doc/api/Makefile
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 7f54f50..7e09da9 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -1127,6 +1127,7 @@ bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> fprintf(f, "%02x", md_value[i]);
> fprintf(f, "\n");
> #endif
> + fprintf(f, "# For additional config options, please look at lxc.conf(5)\n");
> if (fwrite(contents, 1, flen, f) != flen) {
> SYSERROR("Writing original contents");
> free(contents);
> diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
> index 019ef5b..6798be5 100644
> --- a/templates/lxc-ubuntu-cloud.in
> +++ b/templates/lxc-ubuntu-cloud.in
> @@ -24,6 +24,7 @@ set -e
> STATE_DIR="@LOCALSTATEDIR@"
> HOOK_DIR="@LXCHOOKDIR@"
> CLONE_HOOK_FN="$HOOK_DIR/ubuntu-cloud-prep"
> +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
>
> if [ -r /etc/default/lxc ]; then
> . /etc/default/lxc
> @@ -59,81 +60,45 @@ copy_configuration()
> grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
> fi
>
> - grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
> - cat <<EOF >> $path/config
> -lxc.mount = $path/fstab
> -lxc.pivotdir = lxc_putold
> -
> -lxc.devttydir =$ttydir
> -lxc.tty = 4
> -lxc.pts = 1024
> -
> -lxc.utsname = $name
> -lxc.arch = $arch
> -lxc.cap.drop = sys_module mac_admin mac_override sys_time
> + # Generate the configuration file
> + ## Create the fstab (empty by default)
> + touch $path/fstab
>
> -# When using LXC with apparmor, uncomment the next line to run unconfined:
> -#lxc.aa_profile = unconfined
> + ## Relocate all the network config entries
> + sed -i -e "/lxc.network/{w ${path}/config-network" -e "d}" $path/config
>
> -# To support container nesting on an Ubuntu host, uncomment next two lines:
> -#lxc.aa_profile = lxc-container-default-with-nesting
> -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> + ## Relocate any other config entries
> + sed -i -e "/lxc./{w ${path}/config-auto" -e "d}" $path/config
>
> -lxc.hook.clone = ${CLONE_HOOK_FN}
> -EOF
> -
> - # can't write to devices.deny without CAP_SYS_ADMIN in init-user-ns
> - if [ $in_userns -ne 1 ]; then
> - cat <<EOF >> $path/config
> -lxc.cgroup.devices.deny = a
> -# Allow any mknod (but not using the node)
> -lxc.cgroup.devices.allow = c *:* m
> -lxc.cgroup.devices.allow = b *:* m
> -# /dev/null and zero
> -lxc.cgroup.devices.allow = c 1:3 rwm
> -lxc.cgroup.devices.allow = c 1:5 rwm
> -# consoles
> -lxc.cgroup.devices.allow = c 5:1 rwm
> -lxc.cgroup.devices.allow = c 5:0 rwm
> -# /dev/{,u}random
> -lxc.cgroup.devices.allow = c 1:9 rwm
> -lxc.cgroup.devices.allow = c 1:8 rwm
> -lxc.cgroup.devices.allow = c 136:* rwm
> -lxc.cgroup.devices.allow = c 5:2 rwm
> -# rtc
> -lxc.cgroup.devices.allow = c 254:0 rm
> -# fuse
> -lxc.cgroup.devices.allow = c 10:229 rwm
> -# tun
> -lxc.cgroup.devices.allow = c 10:200 rwm
> -# full
> -lxc.cgroup.devices.allow = c 1:7 rwm
> -# hpet
> -lxc.cgroup.devices.allow = c 10:228 rwm
> -# kvm
> -lxc.cgroup.devices.allow = c 10:232 rwm
> -EOF
> + ## Add all the includes
> + echo "" >> $path/config
> + echo "# Common configuration" >> $path/config
> + if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" ]; then
> + echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" >> $path/config
> + fi
> + if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.${release}.conf" ]; then
> + echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.${release}.conf" >> $path/config
> + fi
> + if [ $in_userns -eq 1 ] && [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.userns.conf" ]; then
> + echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.userns.conf" >> $path/config
> fi
>
> - cat <<EOF > $path/fstab
> -proc proc proc nodev,noexec,nosuid 0 0
> -sysfs sys sysfs defaults 0 0
> -/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
> -/sys/kernel/debug sys/kernel/debug none bind,optional 0 0
> -/sys/kernel/security sys/kernel/security none bind,optional 0 0
> -/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
> + ## Add the container-specific config
> + echo "" >> $path/config
> + echo "# Container specific configuration" >> $path/config
> + [ -e "$path/config-auto" ] && cat $path/config-auto >> $path/config && rm $path/config-auto
> + grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
> + cat <<EOF >> $path/config
> +lxc.mount = $path/fstab
> +lxc.utsname = $name
> +lxc.arch = $arch
> EOF
>
> - # unprivileged user can't mknod these. One day we may allow
> - # that in the kernel, but not right now. So let's just bind
> - # mount the files from the host.
> - if [ $in_userns -eq 1 ]; then
> - mkdir -p $rootfs/dev/pts
> - for dev in null tty urandom console; do
> - touch $rootfs/dev/$dev
> - echo "/dev/$dev dev/$dev none bind 0 0" >> $path/fstab
> - done
> - fi
> + ## Re-add the previously removed network config
> + echo "" >> $path/config
> + echo "# Network configuration" >> $path/config
> + cat $path/config-network >> $path/config
> + rm $path/config-network
>
> # Set initial timezone as on host
> if [ -f /etc/timezone ]; then
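Review bot: The `[ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" ]` guard skips the include silently when the file is missing. Since `lxc.cap.drop` and the `lxc.cgroup.devices.*` rules are no longer written into the container config, a missing or misplaced file yields a container without capability drops or device restrictions, and without any message. For the common file I would fail instead, by adding `else echo "missing ${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.common.conf" >&2; return 1` before the `fi`; the per-release and userns files can stay optional. The same guard appears in the copy_configuration hunk of templates/lxc-ubuntu.in. copy_configuration starts and ends outside this hunk.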
> @@ -397,6 +362,7 @@ do_extract_rootfs() {
> cd $rootfs
> if [ $in_userns -eq 1 ]; then
> tar --anchored --exclude="dev/*" --numeric-owner -xpzf "$cache/$filename"
> + mkdir -p $cache/$filename/dev/pts/
> else
> tar --numeric-owner -xpzf "$cache/$filename"
> fi
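Review bot: The added `mkdir -p $cache/$filename/dev/pts/` points beneath `$cache/$filename`, which the line above passes to `tar -xpzf` as the tarball. mkdir would therefore fail on a regular file, and with `set -e` active in this script the userns extraction would abort. The removed code in copy_configuration created `$rootfs/dev/pts`, so this was most likely meant to be `mkdir -p "$rootfs/dev/pts"`. do_extract_rootfs continues outside the hunk.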
> diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
> index e20a874..3dcc93a 100644
> --- a/templates/lxc-ubuntu.in
> +++ b/templates/lxc-ubuntu.in
> @@ -26,7 +26,8 @@
>
> set -e
>
> -LOCALSTATEDIR=@LOCALSTATEDIR@
> +LOCALSTATEDIR="@LOCALSTATEDIR@"
> +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
>
> if [ -r /etc/default/lxc ]; then
> . /etc/default/lxc
> @@ -385,11 +386,6 @@ copy_configuration()
> arch="i686"
> fi
>
> - ttydir=""
> - if [ -f $rootfs/etc/init/container-detect.conf ]; then
> - ttydir=" lxc"
> - fi
> -
> # if there is exactly one veth network entry, make sure it has an
> # associated hwaddr.
> nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
> @@ -397,63 +393,42 @@ copy_configuration()
> grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
> fi
>
> + # Generate the configuration file
> + ## Create the fstab (empty by default)
> + touch $path/fstab
> +
> + ## Relocate all the network config entries
> + sed -i -e "/lxc.network/{w ${path}/config-network" -e "d}" $path/config
> +
> + ## Relocate any other config entries
> + sed -i -e "/lxc./{w ${path}/config-auto" -e "d}" $path/config
> +
> + ## Add all the includes
> + echo "" >> $path/config
> + echo "# Common configuration" >> $path/config
> + if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu.common.conf" ]; then
> + echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu.common.conf" >> $path/config
> + fi
> + if [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu.${release}.conf" ]; then
> + echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu.${release}.conf" >> $path/config
> + fi
> +
> + ## Add the container-specific config
> + echo "" >> $path/config
> + echo "# Container specific configuration" >> $path/config
> + [ -e "$path/config-auto" ] && cat $path/config-auto >> $path/config && rm $path/config-auto
> grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
> cat <<EOF >> $path/config
> lxc.mount = $path/fstab
> -lxc.pivotdir = lxc_putold
> -
> -lxc.devttydir =$ttydir
> -lxc.tty = 4
> -lxc.pts = 1024
> -
> lxc.utsname = $name
> lxc.arch = $arch
> -lxc.cap.drop = sys_module mac_admin mac_override sys_time
> -
> -# When using LXC with apparmor, uncomment the next line to run unconfined:
> -#lxc.aa_profile = unconfined
> -
> -# To support container nesting on an Ubuntu host, uncomment next two lines:
> -#lxc.aa_profile = lxc-container-default-with-nesting
> -#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
> -
> -lxc.cgroup.devices.deny = a
> -# Allow any mknod (but not using the node)
> -lxc.cgroup.devices.allow = c *:* m
> -lxc.cgroup.devices.allow = b *:* m
> -# /dev/null and zero
> -lxc.cgroup.devices.allow = c 1:3 rwm
> -lxc.cgroup.devices.allow = c 1:5 rwm
> -# consoles
> -lxc.cgroup.devices.allow = c 5:1 rwm
> -lxc.cgroup.devices.allow = c 5:0 rwm
> -# /dev/{,u}random
> -lxc.cgroup.devices.allow = c 1:9 rwm
> -lxc.cgroup.devices.allow = c 1:8 rwm
> -lxc.cgroup.devices.allow = c 136:* rwm
> -lxc.cgroup.devices.allow = c 5:2 rwm
> -# rtc
> -lxc.cgroup.devices.allow = c 254:0 rm
> -# fuse
> -lxc.cgroup.devices.allow = c 10:229 rwm
> -# tun
> -lxc.cgroup.devices.allow = c 10:200 rwm
> -# full
> -lxc.cgroup.devices.allow = c 1:7 rwm
> -# hpet
> -lxc.cgroup.devices.allow = c 10:228 rwm
> -# kvm
> -lxc.cgroup.devices.allow = c 10:232 rwm
> EOF
>
> - cat <<EOF > $path/fstab
> -proc proc proc nodev,noexec,nosuid 0 0
> -sysfs sys sysfs defaults 0 0
> -/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
> -/sys/kernel/debug sys/kernel/debug none bind,optional 0 0
> -/sys/kernel/security sys/kernel/security none bind,optional 0 0
> -/sys/fs/pstore sys/fs/pstore none bind,optional 0 0
> -EOF
> + ## Re-add the previously removed network config
> + echo "" >> $path/config
> + echo "# Network configuration" >> $path/config
> + cat $path/config-network >> $path/config
> + rm $path/config-network
>
> if [ $? -ne 0 ]; then
> echo "Failed to add configuration"
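Review bot: The two relocation patterns `/lxc.network/` and `/lxc./` are unanchored and leave the dot unescaped, so they also match comment lines that merely mention `lxc`, such as a path under /usr/share/lxc. Those lines are then moved out of place into config-network or config-auto. Anchoring to the key fixes this: `sed -i -e "/^[[:space:]]*lxc\.network/{w ${path}/config-network" -e "d}" $path/config`, and likewise `/^[[:space:]]*lxc\./` for the second call. The same two lines appear in the copy_configuration hunk of templates/lxc-ubuntu-cloud.in. Separately, the `[ $? -ne 0 ]` check after this block now tests the exit status of `rm $path/config-network`, not of the config writes, and under `set -e` it is probably unreachable on failure. The function body extends beyond the hunk on both sides.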
> --
> 1.8.5.1
>
>