From: brauner Date: Sun, 8 Feb 2015 15:48:31 +0000 (+0100) Subject: config: Allow all containers to use fuse X-Git-Tag: lxc-2.0.0.beta1~364 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a38e3e325d651200b0aac77ef5287f36e8c46a63;p=thirdparty%2Flxc.git config: Allow all containers to use fuse This enables containers to mount fuse filesystems per default. The mount is designed to be safe. Hence, it can be enabled per default in common.conf. It will lead to a cleaner boot for some unprivileged systemd-based containers. Signed-off-by: Christian Brauner Acked-by: Stéphane Graber
---
diff --git a/config/templates/common.conf.in b/config/templates/common.conf.in
index 26b322964..80f31ced0 100644
--- a/config/templates/common.conf.in
+++ b/config/templates/common.conf.in
@@ -42,9 +42,12 @@ lxc.cgroup.devices.allow = c 1:8 rwm
 lxc.cgroup.devices.allow = c 1:9 rwm
 ### /dev/pts/*
 lxc.cgroup.devices.allow = c 136:* rwm
+### fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
 # Setup the default mounts
 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
 # Blacklist some syscalls which are not safe in privileged
 # containers
diff --git a/config/templates/debian.common.conf.in b/config/templates/debian.common.conf.in
index 493feee33..e034b954c 100644
--- a/config/templates/debian.common.conf.in
+++ b/config/templates/debian.common.conf.in
@@ -4,9 +4,6 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
 # Doesn't support consoles in /dev/lxc/
 lxc.devttydir =
-# Default mount entries
-lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
-
 # When using LXC with apparmor, the container will be confined by default.
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
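Review bot: In the config/templates/common.conf.in hunk, the new `lxc.cgroup.devices.allow = c 10:229 rwm` rule and the `/sys/fs/fuse/connections` bind mount now reach every container that includes common.conf, but the only in-file explanation is `### fuse`. The commit message calls the mount safe and motivates it with unprivileged systemd containers; for privileged containers, where container root is host root, the bind mount presumably makes the host's FUSE connection control entries reachable, so that assumption should be stated where operators will read it. I would put a comment above the mount entry along the lines of `# fuse: enabled for all containers; a container config can revoke it with lxc.cgroup.devices.deny = c 10:229 rwm`, and confirm that a later deny in the container config does override this allow. It is also worth checking whether `rw` without `m` would be enough for the device rule. The remaining hunks only delete the per-distribution copies of these two lines.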
@@ -24,8 +21,6 @@ lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,opt
 # Extra cgroup device access
 ## rtc
 lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
 ## tun
 lxc.cgroup.devices.allow = c 10:200 rwm
 ## hpet
diff --git a/config/templates/gentoo.common.conf.in b/config/templates/gentoo.common.conf.in
index 01c8f4885..ca3ffc160 100644
--- a/config/templates/gentoo.common.conf.in
+++ b/config/templates/gentoo.common.conf.in
@@ -12,8 +12,6 @@ lxc.devttydir =
 # Extra cgroup device access
 ## rtc
 lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
 ## tun
 lxc.cgroup.devices.allow = c 10:200 rwm
 ## hpet
diff --git a/config/templates/openwrt.common.conf.in b/config/templates/openwrt.common.conf.in
index 6609333c6..878e8390c 100644
--- a/config/templates/openwrt.common.conf.in
+++ b/config/templates/openwrt.common.conf.in
@@ -34,8 +34,6 @@ lxc.cgroup.devices.allow = c 5:2 rwm
 lxc.cgroup.devices.allow = c 136:* rwm
 ## rtc
 lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
 ## tun
 lxc.cgroup.devices.allow = c 10:200 rwm
 ## dev/tty0
diff --git a/config/templates/plamo.common.conf.in b/config/templates/plamo.common.conf.in
index 888fa4b68..718fc5354 100644
--- a/config/templates/plamo.common.conf.in
+++ b/config/templates/plamo.common.conf.in
@@ -7,5 +7,3 @@ lxc.devttydir =
 # Extra cgroup device access
 ## rtc
 lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
diff --git a/config/templates/ubuntu.common.conf.in b/config/templates/ubuntu.common.conf.in
index d1ce8e99f..857c255e7 100644
--- a/config/templates/ubuntu.common.conf.in
+++ b/config/templates/ubuntu.common.conf.in
@@ -2,7 +2,6 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
 # Default mount entries
-lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
 lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
 lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
 lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
@@ -28,8 +27,6 @@ lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
 # Extra cgroup device access
 ## rtc
 lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
 ## tun
 lxc.cgroup.devices.allow = c 10:200 rwm
 ## hpet