lxc.conf.sgml.in: fill in missing configuration file statements

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn 2013-05-28 14:07:43 -05:00
parent 1897e3bcd3
commit 64f782ca69

@ -75,6 +75,32 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
the line is a comment.
</para>
<refsect2>
<title>Configuration</title>
<para>
In order to ease administration of multiple related containers, it
is possible to have a container configuration file cause another
file to be loaded. For instance, network configuration
can be defined in one common file which is included by multiple
containers. Then, if the containers are moved to another host,
only one file may need to be updated.
</para>
<variablelist>
<varlistentry>
<term>
<option>lxc.include</option>
</term>
<listitem>
<para>
Specify the file to be included. The included file must be
in the same valid lxc configuration file format.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>Architecture</title>
<para>
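Review bot: The lxc.include entry does not say how the path is resolved (absolute only, or relative to the including file or to the working directory) or whether an included file may itself contain lxc.include; please state both in the listitem. Since the included file is parsed as ordinary container configuration, it is also worth saying that it needs the same ownership and permissions as the container's own configuration file. Minor: the title "Configuration" is generic on a page that is entirely about configuration, and "must be in the same valid lxc configuration file format" would read better as "must be a valid lxc configuration file".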
@ -395,6 +421,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
type, other arguments may be passed:
veth/macvlan/phys. And finally (host-sided) device name.
</para>
<para>
Standard output from the script is logged at debug level.
Standard error is not logged, but can be captured by the
hook redirecting its standard error to standard output.
</para>
</listitem>
</varlistentry>
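Review bot: In the paragraph added after "And finally (host-sided) device name.", the phrase "logged at debug level" leaves out that the Logging section added later in this patch sets the default level to 5 (error), so with default settings none of the script's output reaches the log. Suggest adding a pointer to lxc.loglevel here so a reader debugging a network script knows the level has to be lowered first.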
@ -415,6 +446,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
type, other arguments may be passed:
veth/macvlan/phys. And finally (host-sided) device name.
</para>
<para>
Standard output from the script is logged at debug level.
Standard error is not logged, but can be captured by the
hook redirecting its standard error to standard output.
</para>
</listitem>
</varlistentry>
</variablelist>
@ -738,6 +774,56 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</variablelist>
</refsect2>
<refsect2>
<title>Apparmor profile</title>
<para>
If lxc was compiled and installed with apparmor support, and the host
system has apparmor enabled, then the apparmor profile under which the
container should be run can be specified in the container
configuration. The default is <command>lxc-container-default</command>.
</para>
<variablelist>
<varlistentry>
<term>
<option>lxc.aa_profile</option>
</term>
<listitem>
<para>
Specify the apparmor profile under which the container should
be run. To specify that the container should be unconfined,
use
</para>
<programlisting>lxc.aa_profile = unconfined</programlisting>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>Seccomp configuration</title>
<para>
A container can be started with a reduced set of available
system calls by loading a seccomp profile at startup. The
seccomp configuration file should begin with a version number
(which currently must be 1) on the first line, a policy type
(which must be 'whitelist') on the second line, followed by a
list of allowed system call numbers, one per line.
</para>
<variablelist>
<varlistentry>
<term>
<option>lxc.seccomp</option>
</term>
<listitem>
<para>
Specify a file containing the seccomp configuration to
load before the container starts.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>UID mappings</title>
<para>
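Review bot: The only example under lxc.aa_profile is "lxc.aa_profile = unconfined", with no statement that this removes apparmor confinement from the container; add that sentence and show a named profile as the primary example, with unconfined as the exception. lxc-container-default is a profile name, not a command, so the command element is the wrong markup for it. In the seccomp section, the text should say that system call numbers are architecture-specific and what happens to a call that is not listed; a short programlisting of a sample file (version line, "whitelist", a few numbers) would make the format unambiguous.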
@ -775,6 +861,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Container hooks are programs or scripts which can be executed
at various times in a container's lifetime.
</para>
<para>
Standard output from the hooks is logged at debug level.
Standard error is not logged, but can be captured by the
hook redirecting its standard error to standard output.
</para>
<variablelist>
<varlistentry>
<term>
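Review bot: "Standard error is not logged" in the added paragraph means a failing hook leaves no trace in the container log unless its author already knows to redirect, so the paragraph should show the redirection rather than only describe it, for example a line such as exec 2>&1 at the top of a shell hook. The same paragraph is added verbatim in the two network script hunks above with "the script" in place of "the hooks"; consider keeping the full text here and referring to it from those two entries.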
@ -978,6 +1069,54 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</variablelist>
</refsect2>
<refsect2>
<title> Logging</title>
<para>
Logging can be configured on a per-container basis. By default,
depending upon how the lxc package was compiled, container startup
is logged only at the ERROR level, and logged to a file named after
the container (with '.log' appended) either under the container path,
or under @LOGPATH@.
</para>
<para>
Both the default log level and the log file can be specified in the
container configuration file, overriding the default behavior. Note
that the configuration file entries can in turn be overridden by the
command line options to <command>lxc-start</command>.
</para>
<variablelist>
<varlistentry>
<term>
<option>lxc.loglevel</option>
</term>
<listitem>
<para>
The level at which to log. The log level is an integer in
the range of 0..8 inclusive, where a lower number means more
verbose debugging. In particular 0 = trace, 1 = debug, 2 =
info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 =
alert, and 8 = fatal. If unspecified, the level defaults
to 5 (error), so that only errors and above are logged.
</para>
<para>
Note that when a script (such as either a hook script or a
network interface up or down script) is called, the script's
standard output is logged at level 1, debug.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>lxc.logfile</option>
</term>
<listitem>
<para>
The file to which logging info should be written.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
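Review bot: In the first Logging paragraph, it is unclear whether "depending upon how the lxc package was compiled" qualifies the default level or the log file location (container path or @LOGPATH@); move the clause next to whichever it applies to. The lxc.logfile entry does not say whether the path must be absolute or whether an existing file is appended to or truncated. "a lower number means more verbose debugging" would be clearer as "more verbose logging", and the title has a stray leading space in "<title> Logging</title>".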