.
parent
da8aa5b77e
commit
bd0ac0031c
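--- a/base.conf
+++ b/base.conf
@@ -0,0 +1,42 @@
+lxc.autodev = 1
+lxc.kmsg = 0
+# unprivileged containers
+lxc.include = /usr/share/lxc/config/common.conf.d/00-lxcfs.conf
+lxc.include = /usr/share/lxc/config/userns.conf
+lxc.id_map = u 0 100000 65536
+lxc.id_map = g 0 100000 65536
+lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill lease linux_immutable net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_chroot sys_nice sys_ptrace sys_tty_config sys_resource
+
+# Setup the LXC devices in /dev/lxc/
+lxc.devttydir =
+lxc.pts = 1024
+
+# Set the halt/stop signals
+lxc.haltsignal=SIGRTMIN+4
+lxc.stopsignal=SIGRTMIN+14
+
+# Blacklist some syscalls which are not safe in privileged containers (still needed?)
+lxc.seccomp = /etc/lxc/default.seccomp
+
+# networking
+lxc.network.type = veth
+lxc.network.link = br0
+lxc.network.flags = up
+lxc.network.mtu = 1500
+lxc.network.name = eth0
+lxc.network.ipv4.gateway = 172.23.75.66
+lxc.network.ipv6.gateway = 2a03:b0c0:0:1010::3d:b002
+
+lxc.cgroup.memory.soft_limit_in_bytes = 1500M
+lxc.cgroup.memory.limit_in_bytes = 2000M
+lxc.cgroup.cpu.shares = 256
+lxc.cgroup.blkio.weight = 500
+
+# Setup the default mounts
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.aa_profile = lxc-container-default-with-nesting
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+#lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0
+lxc.mount.entry = tmpfs dev/shm tmpfs nosuid,nodev,mode=1777,create=dir 0 0
+lxc.mount.entry = tmpfs run tmpfs nosuid,nodev,noexec,mode=0755,size=128m 0 0
+#lxc.mount.entry = kdbusfs sys/fs/kdbus kdbusfs defaults 0 0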
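Review bot: `lxc.aa_profile = lxc-container-default-with-nesting` is set with no comment saying which workload needs nesting, and that profile relaxes the mount restrictions of `lxc-container-default`. If nothing in these containers starts nested containers, `lxc.aa_profile = lxc-container-default` is the narrower choice; otherwise a one-line comment such as `# nesting profile required for <workload>` would record the reason. The `(still needed?)` remark on `lxc.seccomp` could be settled the same way: the `lxc.id_map` lines make these containers unprivileged, but the filter still narrows the kernel surface, so `# seccomp filter kept as defence in depth for unprivileged containers` states the intent. The comment `# Setup the LXC devices in /dev/lxc/` also does not match the empty `lxc.devttydir =` beneath it and should be reworded to say the ttys are created directly in `/dev`, if that is what is intended.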
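--- a/hooks/kdbusfs
+++ b/hooks/kdbusfs
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -x
+cd ${LXC_ROOTFS_MOUNT}/sys/fs
+mkdir kdbus
+mount -t kdbusfs kdbusfs kdbus
+#chown -R 100000:100000 kdbus/control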
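Review bot: The `cd ${LXC_ROOTFS_MOUNT}/sys/fs` line is unquoted and its result is never checked, so the following `mkdir` and `mount` can act on the wrong directory. With an empty or unset variable the path becomes `/sys/fs` of whatever mount namespace the hook runs in, and if the `cd` fails the commands run in the hook's starting directory. Failing fast avoids that: `set -eu` next to `set -x`, `cd "${LXC_ROOTFS_MOUNT:?}/sys/fs"`, and `mkdir -p kdbus` so a restart with the directory already present does not abort the hook. A header comment naming the hook point this script is written for would also help, since no `lxc.hook.*` line in the base.conf added by this commit references it and the kdbusfs mount entry there is commented out.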
@ -1 +0,0 @@
|
|||||||
lxc.network.type = empty
|
|