proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-08 12:18:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

openwrt: add common configuration file

Browse Source 
This adds OpenWrt common config file.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Petar Koretic 2014-10-30 12:41:49 +00:00 committed by Stéphane Graber
parent 6b41056280
commit c33bdec826
3 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/templates/Makefile.am
View File

@ -28,4 +28,5 @@ templatesconfig_DATA = \
ubuntu.common.conf \ ubuntu.common.conf \
ubuntu.lucid.conf \ ubuntu.lucid.conf \
ubuntu.userns.conf \ ubuntu.userns.conf \
openwrt.common.conf \
userns.conf userns.conf

56
config/templates/openwrt.common.conf.in Normal file
View File

@ -0,0 +1,56 @@
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_module
lxc.cap.drop = sys_nice
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_ptrace
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_resource
lxc.cap.drop = sys_time
lxc.cap.drop = sys_tty_config
lxc.cap.drop = syslog
lxc.cap.drop = wake_alarm
# Default cgroups - all denied except those whitelisted
lxc.cgroup.devices.deny = a
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## dev/tty0
lxc.cgroup.devices.allow = c 4:0 rwm
## dev/tty1
lxc.cgroup.devices.allow = c 4:1 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp = /usr/share/lxc/config/common.seccomp

1
configure.ac
View File

@ -646,6 +646,7 @@ AC_CONFIG_FILES([
config/templates/ubuntu.common.conf config/templates/ubuntu.common.conf
config/templates/ubuntu.lucid.conf config/templates/ubuntu.lucid.conf
config/templates/ubuntu.userns.conf config/templates/ubuntu.userns.conf
config/templates/openwrt.common.conf
config/templates/userns.conf config/templates/userns.conf
config/yum/Makefile config/yum/Makefile
config/sysconfig/Makefile config/sysconfig/Makefile