From bd0ac0031c1b22edb357bcf871d39fde6a319b7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 18 Sep 2015 19:37:00 +0000
Subject: [PATCH] .

---
 base.conf | 42 ++++++++++++++++++++++++++++++++++++++++++
 hooks/kdbusfs | 6 ++++++
 initial.conf | 1 -
 lxc.conf | 1 +
 4 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 base.conf
 create mode 100755 hooks/kdbusfs
 delete mode 100644 initial.conf
 create mode 100644 lxc.conf

diff --git a/base.conf b/base.conf
new file mode 100644
index 0000000..cebe689
--- /dev/null
+++ b/base.conf
@@ -0,0 +1,42 @@
+lxc.autodev = 1
+lxc.kmsg = 0
+# unprivileged containers
+lxc.include = /usr/share/lxc/config/common.conf.d/00-lxcfs.conf
+lxc.include = /usr/share/lxc/config/userns.conf
+lxc.id_map = u 0 100000 65536
+lxc.id_map = g 0 100000 65536
+lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill lease linux_immutable net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_chroot sys_nice sys_ptrace sys_tty_config sys_resource
+
+# Setup the LXC devices in /dev/lxc/
+lxc.devttydir =
+lxc.pts = 1024
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGRTMIN+4
+lxc.stopsignal=SIGRTMIN+14
+
+# Blacklist some syscalls which are not safe in privileged containers (still needed?)
+lxc.seccomp = /etc/lxc/default.seccomp
+
+# networking
+lxc.network.type = veth
+lxc.network.link = br0
+lxc.network.flags = up
+lxc.network.mtu = 1500
+lxc.network.name = eth0
+lxc.network.ipv4.gateway = 172.23.75.66
+lxc.network.ipv6.gateway = 2a03:b0c0:0:1010::3d:b002
+
+lxc.cgroup.memory.soft_limit_in_bytes = 1500M
+lxc.cgroup.memory.limit_in_bytes = 2000M
+lxc.cgroup.cpu.shares = 256
+lxc.cgroup.blkio.weight = 500
+
+# Setup the default mounts
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.aa_profile = lxc-container-default-with-nesting
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+#lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0
+lxc.mount.entry = tmpfs dev/shm tmpfs nosuid,nodev,mode=1777,create=dir 0 0
+lxc.mount.entry = tmpfs run tmpfs nosuid,nodev,noexec,mode=0755,size=128m 0 0
+#lxc.mount.entry = kdbusfs sys/fs/kdbus kdbusfs defaults 0 0
diff --git a/hooks/kdbusfs b/hooks/kdbusfs
new file mode 100755
index 0000000..870f11b
--- /dev/null
+++ b/hooks/kdbusfs
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -x
+cd ${LXC_ROOTFS_MOUNT}/sys/fs
+mkdir kdbus
+mount -t kdbusfs kdbusfs kdbus
+#chown -R 100000:100000 kdbus/control
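Review bot: The `lxc.cap.keep` line sits under the "# unprivileged containers" comment but keeps `sys_ptrace`, `dac_override`, `dac_read_search`, `kill` and `sys_resource`, and since `lxc.cap.keep` drops every capability not listed it replaces whatever capability policy the two `lxc.include` files above it apply; the LXC manual describes `lxc.cap.keep` and `lxc.cap.drop` as mutually exclusive, so the effective set with these includes in place should be verified on the target LXC version rather than assumed. The `dev/shm` tmpfs entry is mounted `nosuid,nodev` while the `run` entry two lines below also carries `noexec`; unless something in the container needs executable shared memory, `+lxc.mount.entry = tmpfs dev/shm tmpfs nosuid,nodev,noexec,mode=1777,create=dir 0 0` keeps the two entries consistent. `lxc.seccomp = /etc/lxc/default.seccomp` points at a policy file that is not part of this commit, and the comment above it leaves "(still needed?)" as an open question in a file that is meant as the shared base config — either version the policy alongside this file or resolve the comment so a reader knows whether the filter is intentional.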
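Review bot: `cd ${LXC_ROOTFS_MOUNT}/sys/fs` is unquoted and its result is not checked, and the script enables only `set -x`, so if `LXC_ROOTFS_MOUNT` is unset or the directory does not exist the following `mkdir kdbus` and `mount -t kdbusfs kdbusfs kdbus` run in whatever the hook's current working directory happens to be instead of inside the container rootfs. `set -eux` and `cd "${LXC_ROOTFS_MOUNT:?}/sys/fs"` make the hook abort instead; note that with `-e` an already existing `kdbus` directory would then also abort on `mkdir`, so `mkdir -p kdbus` is needed if the hook can run more than once for the same rootfs. Nothing in this patch registers the script through an `lxc.hook.*` entry and the matching `kdbusfs` mount entry in base.conf is commented out, so as committed the hook appears unused; a one-line header comment naming the intended stage, e.g. `# lxc.hook.mount: mount kdbusfs at sys/fs/kdbus inside the container rootfs`, would tell the next reader how it is supposed to be wired in.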
diff --git a/initial.conf b/initial.conf
deleted file mode 100644
index 6c88010..0000000
--- a/initial.conf
+++ /dev/null
@@ -1 +0,0 @@
-lxc.network.type = empty
diff --git a/lxc.conf b/lxc.conf
new file mode 100644
index 0000000..80ccc2c
--- /dev/null
+++ b/lxc.conf
@@ -0,0 +1 @@
+lxc.lxcpath = /lxc/