diff --git a/config/templates/debian.common.conf.in b/config/templates/debian.common.conf.in index e034b954c..07c2bc8b1 100644 --- a/config/templates/debian.common.conf.in +++ b/config/templates/debian.common.conf.in @@ -9,10 +9,6 @@ lxc.devttydir = # (uncommented) to the container's configuration file. #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host while retaining most of -# apparmor's added security, use the following line instead. -#lxc.aa_profile = lxc-container-default-with-nesting - # If you wish to allow mounting block filesystems, then use the following # line instead, and make sure to grant access to the block device and/or loop # devices below in lxc.cgroup.devices.allow. diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in index 7e171de84..a1c60d244 100644 --- a/config/templates/ubuntu.common.conf.in +++ b/config/templates/ubuntu.common.conf.in @@ -12,10 +12,6 @@ lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0 # (uncommented) to the container's configuration file. #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host while retaining most of -# apparmor's added security, use the following line instead. -#lxc.aa_profile = lxc-container-default-with-nesting - # Uncomment the following line to autodetect squid-deb-proxy configuration on the # host and forward it to the guest at start time. #lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in index 55fc257c2..395416ba2 100644 --- a/templates/lxc-cirros.in +++ b/templates/lxc-cirros.in @@ -130,8 +130,6 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time # When using LXC with apparmor, uncomment the next line to run unconfined: #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host, uncomment next two lines: -#lxc.aa_profile = lxc-container-default-with-nesting lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.cgroup.devices.deny = a