[lxc-devel] [lxd/master] doc/projects: Sort config keys
stgraber on Github
lxc-bot at linuxcontainers.org
Tue Sep 22 13:33:37 UTC 2020
From 602317cfa68ffc3c9ad0dd8153632c7b9c5e56bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 22 Sep 2020 09:33:22 -0400
Subject: [PATCH] doc/projects: Sort config keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
doc/projects.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/doc/projects.md b/doc/projects.md
index 5d12928046..e8c1142e8d 100644
--- a/doc/projects.md
+++ b/doc/projects.md
@@ -18,29 +18,29 @@ currently supported:
Key | Type | Condition | Default | Description
:-- | :-- | :-- | :-- | :--
features.images | boolean | - | true | Separate set of images and image aliases for the project
+features.networks | boolean | - | true | Separate set of networks for the project
features.profiles | boolean | - | true | Separate set of profiles for the project
features.storage.volumes | boolean | - | true | Separate set of storage volumes for the project
-features.networks | boolean | - | true | Separate set of networks for the project
limits.containers | integer | - | - | Maximum number of containers that can be created in the project
-limits.virtual-machines | integer | - | - | Maximum number of VMs that can be created in the project
limits.cpu | integer | - | - | Maximum value for the sum of individual "limits.cpu" configs set on the instances of the project
limits.disk | string | - | - | Maximum value of aggregate disk space used by all instances volumes, custom volumes and images of the project
limits.memory | string | - | - | Maximum value for the sum of individual "limits.memory" configs set on the instances of the project
-limits.processes | integer | - | - | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project
limits.networks | integer | - | - | Maximum value for the number of networks this project can have
+limits.processes | integer | - | - | Maximum value for the sum of individual "limits.processes" configs set on the instances of the project
+limits.virtual-machines | integer | - | - | Maximum number of VMs that can be created in the project
restricted | boolean | - | true | Block access to security-sensitive features
+restricted.containers.lowlevel | string | - | block | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc.
restricted.containers.nesting | string | - | block | Prevents setting security.nesting=true.
restricted.containers.privilege | string | - | unpriviliged | If "unpriviliged", prevents setting security.privileged=true. If "isolated", prevents setting security.privileged=true and also security.idmap.isolated=true. If "allow", no restriction apply.
-restricted.containers.lowlevel | string | - | block | Prevents use of low-level container options like raw.lxc, raw.idmap, volatile, etc.
-restricted.virtual-machines.lowlevel | string | - | block | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc.
restricted.devices.disk | string | - | managed | If "block" prevent use of disk devices except the root one. If "managed" allow use of disk devices only if "pool=" is set. If "allow", no restrictions apply.
restricted.devices.gpu | string | - | block | Prevents use of devices of type "gpu"
-restricted.devices.usb | string | - | block | Prevents use of devices of type "usb"
-restricted.devices.nic | string | - | managed | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply.
restricted.devices.infiniband | string | - | block | Prevents use of devices of type "infiniband"
-restricted.devices.unix-char | string | - | block | Prevents use of devices of type "unix-char"
+restricted.devices.nic | string | - | managed | If "block" prevent use of all network devices. If "managed" allow use of network devices only if "network=" is set. If "allow", no restrictions apply.
restricted.devices.unix-block | string | - | block | Prevents use of devices of type "unix-block"
+restricted.devices.unix-char | string | - | block | Prevents use of devices of type "unix-char"
restricted.devices.unix-hotplug | string | - | block | Prevents use of devices of type "unix-hotplug"
+restricted.devices.usb | string | - | block | Prevents use of devices of type "usb"
+restricted.virtual-machines.lowlevel | string | - | block | Prevents use of low-level virtual-machine options like raw.qemu, volatile, etc.
Those keys can be set using the lxc tool with:
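Review bot: The unchanged `restricted.containers.privilege` row, which sits right after the moved `restricted.containers.lowlevel` and `restricted.containers.nesting` rows, spells both its default and its first accepted value as "unpriviliged". Since this key decides whether `security.privileged=true` can be set in a restricted project, a reader copying the value from the table should get the string the server actually accepts. Please confirm the spelling against the validation code and correct the row in this docs pass or a follow-up. The same row ends with "no restriction apply", where the `restricted.devices.disk` and `restricted.devices.nic` rows say "no restrictions apply". The reordering itself looks right: the resulting key list is in alphabetical order and the 8 added rows match the 8 removed rows with no change to their text.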