[lxc-devel] [lxd/master] doc/projects: Sort config keys

stgraber on Github lxc-bot at linuxcontainers.org
Tue Sep 22 13:33:37 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200922/016214a7/attachment.bin>
-------------- next part --------------
From 602317cfa68ffc3c9ad0dd8153632c7b9c5e56bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 22 Sep 2020 09:33:22 -0400
Subject: [PATCH] doc/projects: Sort config keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: St├ęphane Graber <stgraber at ubuntu.com>
---
 doc/projects.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/projects.md b/doc/projects.md
index 5d12928046..e8c1142e8d 100644
--- a/doc/projects.md
+++ b/doc/projects.md
@@ -18,29 +18,29 @@ currently supported:
 Key                                  | Type      | Condition             | Default                   | Description
 :--                                  | :--       | :--                   | :--                       | :--
 features.images                      | boolean   | -                     | true                      | Separate set of images and image aliases for the project
+features.networks                    | boolean   | -                     | true                      | Separate set of networks for the project
 features.profiles                    | boolean   | -                     | true                      | Separate set of profiles for the project
 features.storage.volumes             | boolean   | -                     | true                      | Separate set of storage volumes for the project
-features.networks                    | boolean   | -                     | true                      | Separate set of networks for the project
 limits.containers                    | integer   | -                     | -                         | Maximum number of containers that can be created in the project
-limits.virtual-machines              | integer   | -                     | -                         | Maximum number of VMs that can be created in the project
 limits.cpu                           | integer   | -                     | -                         | Maximum value for the sum of individual "limits.cpu" configs set on the instances of the project
 limits.disk                          | string    | -                     | -                         | Maximum value of aggregate disk space used by all instances volumes, custom volumes and images of the project
 limits.memory                        | string    | -                     | -                         | Maximum value for the sum of individual "limits.memory" configs set on the instances of the project
-limits.processes                     | integer   | -                     | -                         | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project
 limits.networks                      | integer   | -                     | -                         | Maximum value for the number of networks this project can have
+limits.processes                     | integer   | -                     | -                         | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project
+limits.virtual-machines              | integer   | -                     | -                         | Maximum number of VMs that can be created in the project
 restricted                           | boolean   | -                     | true                      | Block access to security-sensitive features
+restricted.containers.lowlevel       | string    | -                     | block                     | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc.
 restricted.containers.nesting        | string    | -                     | block                     | Prevents setting security.nesting=true.
 restricted.containers.privilege      | string    | -                     | unpriviliged              | If "unpriviliged", prevents setting security.privileged=true. If "isolated", prevents setting security.privileged=true and also security.idmap.isolated=true. If "allow", no restriction apply.
-restricted.containers.lowlevel       | string    | -                     | block                     | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc.
-restricted.virtual-machines.lowlevel | string    | -                     | block                     | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc.
 restricted.devices.disk              | string    | -                     | managed                   | If "block" prevent use of disk devices except the root one. If "managed" allow use of disk devices only if "pool=" is set. If "allow", no restrictions apply.
 restricted.devices.gpu               | string    | -                     | block                     | Prevents use of devices of type "gpu"
-restricted.devices.usb               | string    | -                     | block                     | Prevents use of devices of type "usb"
-restricted.devices.nic               | string    | -                     | managed                   | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply.
 restricted.devices.infiniband        | string    | -                     | block                     | Prevents use of devices of type "infiniband"
-restricted.devices.unix-char         | string    | -                     | block                     | Prevents use of devices of type "unix-char"
+restricted.devices.nic               | string    | -                     | managed                   | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply.
 restricted.devices.unix-block        | string    | -                     | block                     | Prevents use of devices of type "unix-block"
+restricted.devices.unix-char         | string    | -                     | block                     | Prevents use of devices of type "unix-char"
 restricted.devices.unix-hotplug      | string    | -                     | block                     | Prevents use of devices of type "unix-hotplug"
+restricted.devices.usb               | string    | -                     | block                     | Prevents use of devices of type "usb"
+restricted.virtual-machines.lowlevel | string    | -                     | block                     | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc.
 
 Those keys can be set using the lxc tool with:
 


More information about the lxc-devel mailing list