[lxc-devel] [PATCH] add comments about running unconfined or nesting containers back to ubuntu.common.conf
S.Çağlar Onur
caglar at 10ur.org
Sat Dec 7 23:04:10 UTC 2013
Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
---
config/templates/ubuntu.common.conf.in | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
index 8c61033..1195175 100644
--- a/config/templates/ubuntu.common.conf.in
+++ b/config/templates/ubuntu.common.conf.in
@@ -17,6 +17,13 @@ lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host, uncomment next two lines:
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
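Review bot: The comment added above `#lxc.aa_profile = unconfined` presents running unconfined as a plain toggle and does not say that it removes AppArmor confinement for the container altogether, leaving the `lxc.cap.drop` list and the devices cgroup rules as the main restrictions visible in this template. I would reword it to something like `# Uncommenting the next line disables AppArmor confinement for this container; use only for trusted workloads:`. The nesting comment could similarly mention that `lxc-container-default-with-nesting` is presumably broader than the default profile, and that the two `lxc.aa_profile` lines are alternatives and should not both be uncommented. Separately, the hook path `/usr/share/lxc/hooks/mountcgroups` is hard-coded in a `.in` template, so it may not match installs built with a different prefix.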
--
1.8.3.2