From: Serge Hallyn Date: Tue, 28 May 2013 19:07:43 +0000 (-0500) Subject: lxc.conf.sgml.in: fill in missing configuration file statements X-Git-Tag: lxc-1.0.0.alpha1~1^2~181 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64f782ca69c70fd155427a81d69fda593981e770;p=thirdparty%2Flxc.git lxc.conf.sgml.in: fill in missing configuration file statements Signed-off-by: Serge Hallyn --- diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in index af8663add..6500e50ba 100644 --- a/doc/lxc.conf.sgml.in +++ b/doc/lxc.conf.sgml.in @@ -75,6 +75,32 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA the line is a comment. + + Configuration + + In order to ease administration of multiple related containers, it + is possible to have a container configuration file cause another + file to be loaded. For instance, network configuration + can be defined in one common file which is included by multiple + containers. Then, if the containers are moved to another host, + only one file may need to be updated. + + + + + + + + + + Specify the file to be included. The included file must be + in the same valid lxc configuration file format. + + + + + + Architecture @@ -395,6 +421,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA type, other arguments may be passed: veth/macvlan/phys. And finally (host-sided) device name. + + Standard output from the script is logged at debug level. + Standard error is not logged, but can be captured by the + hook redirecting its standard error to standard output. + @@ -415,6 +446,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA type, other arguments may be passed: veth/macvlan/phys. And finally (host-sided) device name. + + Standard output from the script is logged at debug level. + Standard error is not logged, but can be captured by the + hook redirecting its standard error to standard output. + 
@@ -738,6 +774,56 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + Apparmor profile + + If lxc was compiled and installed with apparmor support, and the host + system has apparmor enabled, then the apparmor profile under which the + container should be run can be specified in the container + configuration. The default is lxc-container-default. + + + + + + + + + Specify the apparmor profile under which the container should + be run. To specify that the container should be unconfined, + use + + lxc.aa_profile = unconfined + + + + + + + Seccomp configuration + + A container can be started with a reduced set of available + system calls by loading a seccomp profile at startup. The + seccomp configuration file should begin with a version number + (which currently must be 1) on the first line, a policy type + (which must be 'whitelist') on the second line, followed by a + list of allowed system call numbers, one per line. + + + + + + + + + Specify a file containing the seccomp configuration to + load before the container starts. + + + + + + UID mappings @@ -775,6 +861,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Container hooks are programs or scripts which can be executed at various times in a container's lifetime. + + Standard output from the hooks is logged at debug level. + Standard error is not logged, but can be captured by the + hook redirecting its standard error to standard output. + 
@@ -978,6 +1069,54 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + Logging + + Logging can be configured on a per-container basis. By default, + depending upon how the lxc package was compiled, container startup + is logged only at the ERROR level, and logged to a file named after + the container (with '.log' appended) either under the container path, + or under @LOGPATH@. + + + Both the default log level and the log file can be specified in the + container configuration file, overriding the default behavior. Note + that the configuration file entries can in turn be overridden by the + command line options to lxc-start. + + + + + + + + + The level at which to log. The log level is an integer in + the range of 0..8 inclusive, where a lower number means more + verbose debugging. In particular 0 = trace, 1 = debug, 2 = + info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = + alert, and 8 = fatal. If unspecified, the level defaults + to 5 (error), so that only errors and above are logged. + + + Note that when a script (such as either a hook script or a + network interface up or down script) is called, the script's + standard output is logged at level 1, debug. + + + + + + + + + + The file to which logging info should be written. + + + + +
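Review bot: In the -75,6 hunk, the description "Specify the file to be included. The included file must be in the same valid lxc configuration file format." leaves out how the path is resolved (absolute, or relative to the including file or to the working directory), whether an included file may itself include others, and which value wins when both files set the same key. Since the stated use case is one common file shared by multiple containers, the text should also say that write access to that file needs to be restricted, because a change to it changes every container that includes it. The section title "Configuration" is also too general for a section that only covers includes.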
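Review bot: In the -395,6 hunk (and the identical paragraph in the -415,6 hunk), the added text says "the script" in its first sentence and "the hook" in its second, although the surrounding context describes a script and its arguments (veth/macvlan/phys, host-sided device name); use "the script" in both sentences. The same paragraph is added verbatim in three places in this patch. A single statement in the new Logging section, referenced from each place, would keep the copies from drifting apart.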
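Review bot: In the -738,6 hunk, the seccomp paragraph describes the file as "a list of allowed system call numbers, one per line" without saying that system call numbers are architecture-specific or what happens to a call that is not on the list. Both need a sentence, since a profile written for one architecture allows a different set of calls on another. The seccomp section also states no default: the Apparmor section names lxc-container-default, but here the reader cannot tell whether leaving the option unset means no filtering at all. For "lxc.aa_profile = unconfined", add a sentence stating that this removes the apparmor confinement for the container, and say what happens when the named profile is not loaded on the host.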
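Review bot: In the -775,6 hunk, "Standard output from the hooks is logged at debug level" does not mention that the log level defaults to 5 (error), as the Logging hunk states, so with default settings hook output is not written anywhere. Say so here or point to the Logging section. The sentence "can be captured by the hook redirecting its standard error to standard output" would be clearer with the shell form 2>&1 spelled out.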
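Review bot: In the -978,6 hunk, the log file entry says only "The file to which logging info should be written." It should state whether the path must be absolute, whether an existing file is appended to or truncated, and with what ownership and mode the file is created. This matters because the same hunk documents that hook and network script standard output is written to this log at level 1. In the log level entry, "a lower number means more verbose debugging" would read better as "more verbose logging", since levels 5 through 8 are not debugging output. The paragraph on overrides by "command line options to lxc-start" should name those options.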