From: Stéphane Graber
Date: Tue, 28 Jan 2014 09:56:37 +0000 (+0000)
Subject: gentoo: Add basic userns config
X-Git-Tag: lxc-1.0.0.beta4~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=705bfae0d801ae08761f30a98eaa61c64e0f66b6;p=thirdparty%2Flxc.git
gentoo: Add basic userns config
Signed-off-by: Stéphane Graber
---
diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
index 52bab7d3c..47969a976 100644
--- a/config/templates/Makefile.am
+++ b/config/templates/Makefile.am
@@ -9,6 +9,7 @@ templatesconfig_DATA = \
 fedora.userns.conf \
 gentoo.common.conf \
 gentoo.moresecure.conf \
+ gentoo.userns.conf \
 oracle.common.conf \
 oracle.userns.conf \
 plamo.common.conf \
diff --git a/config/templates/gentoo.userns.conf.in b/config/templates/gentoo.userns.conf.in
new file mode 100644
index 000000000..f47ede33d
--- /dev/null
+++ b/config/templates/gentoo.userns.conf.in
@@ -0,0 +1,16 @@
+# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
+lxc.cgroup.devices.deny =
+lxc.cgroup.devices.allow =
+
+# We can't move bind-mounts, so don't use /dev/lxc/
+lxc.devttydir =
+
+# Extra bind-mounts for userns
+lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
+lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
+lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
+lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
+
+# Extra fstab entries as mountall can't mount those by itself
+lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
+lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
diff --git a/configure.ac b/configure.ac
index 1f730d96a..f6c95c1e6 100644
--- a/configure.ac
+++ b/configure.ac
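Review bot: In config/templates/gentoo.userns.conf.in, the last two `lxc.mount.entry` lines bind the host's `/sys/firmware/efi/efivars` and `/proc/sys/fs/binfmt_misc` into an unprivileged container, and the only reason given is mountall, which is an Upstart/Ubuntu component and presumably not part of a Gentoo guest's boot. If a Gentoo guest does not need them, dropping both lines keeps host firmware variables and host binfmt registrations out of the container's view. If they stay, adding `ro` to the options (`none bind,ro,optional 0 0`) would restrict them to read access; whether the read-only remount succeeds inside a user namespace needs testing. Separately, the empty `lxc.cgroup.devices.deny =` and `lxc.cgroup.devices.allow =` lines presumably clear the device lists set by the common Gentoo config, so the comment above them could add `# This clears the devices cgroup lists; device access then depends on the userns and the bind-mounted nodes below`.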
@@ -570,6 +570,7 @@ AC_CONFIG_FILES([
 config/templates/fedora.userns.conf
 config/templates/gentoo.common.conf
 config/templates/gentoo.moresecure.conf
+ config/templates/gentoo.userns.conf
 config/templates/oracle.common.conf
 config/templates/oracle.userns.conf
 config/templates/plamo.common.conf