]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1609f0f)
gentoo: Add basic userns config
authorStéphane Graber <stgraber@ubuntu.com>
Tue, 28 Jan 2014 09:56:37 +0000 (09:56 +0000)
committerStéphane Graber <stgraber@ubuntu.com>
Tue, 28 Jan 2014 09:57:46 +0000 (09:57 +0000)
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
config/templates/Makefile.am patch | blob | blame | history
config/templates/gentoo.userns.conf.in [new file with mode: 0644] patch | blob
configure.ac patch | blob | blame | history

diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
index 52bab7d3c8d1527ee121a9fe0fcf94b0edba0634..47969a9761cb857b5c15bb0f40affd9d8b07956b 100644 (file)
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -9,6 +9,7 @@ templatesconfig_DATA = \
        fedora.userns.conf \
        gentoo.common.conf \
        gentoo.moresecure.conf \
+       gentoo.userns.conf \
        oracle.common.conf \
        oracle.userns.conf \
        plamo.common.conf \
diff --git a/config/templates/gentoo.userns.conf.in b/config/templates/gentoo.userns.conf.in
new file mode 100644 (file)
index 0000000..f47ede3
--- /dev/null
+++ b/config/templates/gentoo.userns.conf.in
@@ -0,0 +1,16 @@
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
diff --git a/configure.ac b/configure.ac
index 1f730d96a57062d1bfb4b12702ddbc1c5eba069f..f6c95c1e6c5ce1b8d76c2dcfcefc33d36fabe3ca 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -570,6 +570,7 @@ AC_CONFIG_FILES([
        config/templates/fedora.userns.conf
        config/templates/gentoo.common.conf
        config/templates/gentoo.moresecure.conf
+       config/templates/gentoo.userns.conf
        config/templates/oracle.common.conf
        config/templates/oracle.userns.conf
        config/templates/plamo.common.conf
Mirror of https://github.com/lxc/lxc.git