ubuntu templates: add comments to show how to enable nesting

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 9f5cf1993c8b2fe32a315b4a13a2036be6f27dfd..7a56398d01bd17ca5f81a3a5651b968f12eac5ae 100644 (file)
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -59,6 +59,9 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.aa_profile = unconfined
+# To support container nesting on an Ubuntu host, uncomment next two lines:
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)

diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 37a1b9c1372ade712c7abf17c0a3862ae0068c81..02ffa199dabba66825504db8342512cb17490d28 100644 (file)
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -382,6 +382,9 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.aa_profile = unconfined
+# To support container nesting on an Ubuntu host, uncomment next two lines:
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)